Platform
ScaiWave ScaiGrid ScaiCore ScaiBot ScaiDrive ScaiKey Models Tools & Services
Solutions
Organisations Developers Internet Service Providers Managed Service Providers AI-in-a-Box
Resources
Support Documentation Blog Downloads
Company
About Research Careers Investment Opportunities Contact
Log in

Audit Logs

Endpoint reference for audit log queries and exports. For the guide, see Audit Logs.

Base path: /v1/audit/

GET /v1/audit/logs#

Query the audit log.

Query parameters:

Name Type Description
from ISO 8601 Start time
to ISO 8601 End time
action string One or comma-separated
identity_id string Exact match
identity_type string user, service_account, group
path_prefix string
success boolean
source_ip string Exact
request_id string Exact
limit integer Default 100, max 1000
cursor string

Actions:

read, write, delete, list, rotate, policy_create, policy_update, policy_delete, policy_bind, policy_unbind, pki_issue, pki_sign, pki_revoke, pki_ca_create, dynamic_generate, dynamic_renew, dynamic_revoke, webhook_delivery, subscription_event, federation_sync, identity_sync, export_created.

Response:

json
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
{
  "logs": [
    {
      "id": "log_abc",
      "timestamp": "2026-04-23T...",
      "action": "read",
      "identity_type": "service_account",
      "identity_id": "sa:reporting",
      "secret_path": "integrations/salesforce/oauth",
      "source_ip": "10.0.1.50",
      "user_agent": "scaivault-python/1.0",
      "success": true,
      "duration_ms": 12,
      "request_id": "req_xyz",
      "extra_data": {}
    }
  ],
  "cursor": "...",
  "has_more": true
}

Scope: audit:read.

GET /v1/audit/secrets/{path}#

Secret-specific audit trail with 30-day summary.

Scope: audit:read.

GET /v1/audit/identities/{identity_id}#

Identity-specific audit trail with summary.

Scope: audit:read.

GET /v1/audit/summary#

Aggregate statistics.

Query: from, to.

Response:

json
1
2
3
4
5
6
7
8
{
  "total_events": 125432,
  "successful_events": 124890,
  "failed_events": 542,
  "actions_breakdown": {"read": 98321, "write": 1432},
  "top_identities": [{"identity_id": "sa:reporting", "count": 35000}],
  "top_resources": [{"path": "integrations/salesforce/oauth", "count": 15000}]
}

Scope: audit:read.

POST /v1/audit/export#

Create an export job.

Body:

Field Description
from, to Time range
format jsonl or csv
filters Same as list filters
destination.type s3, gcs, azure_blob
destination.bucket
destination.prefix
destination.credentials_path ScaiVault secret path with upload creds

Response 202 Accepted: export_id, status, estimated_records.

Scope: audit:export.

GET /v1/audit/exports#

List exports.

Scope: audit:export.

GET /v1/audit/exports/{id}#

Export status and manifest.

Response:

json
1
2
3
4
5
6
7
8
9
{
  "export_id": "exp_abc",
  "status": "completed",
  "record_count": 125432,
  "files": [
    {"key": "scaivault/2026-01/part-0001.jsonl", "size_bytes": 12345678}
  ],
  "completed_at": "2026-04-23T20:00:00Z"
}
Updated 2026-05-17 13:26:51 View source (.md) rev 2