Audit Log

The Audit Log API allows you to query activity logs and audit trails with support for filtering, pagination, sorting, and free-text search.

Query Activities

Query activities

post

Query activity logs with filtering, pagination, sorting, and free-text search.

Free-Text Search

The search parameter performs a multi-field search across:

actor.email - Email address of the actor
action - Action performed
target.type - Type of target resource
target.id - ID of target resource
scope - Scope/domain of the activity

Search uses n-gram tokenization (3-4 characters) for partial matching.

Facets

The response includes faceted aggregations for:

actor_emails - Top 100 actor emails with counts
scopes - Top 100 scopes with counts
statuses - Status values with counts

Body

Request body for querying activities

searchstringOptional

Free-text search query. Searches across actor.email, action, target.type, target.id, and scope fields using n-gram matching.

Example: inventory

actor_idsstring[]Optional

Filter by actor IDs

Example: ["user-123","user-456"]

actor_emailsstring · email[]Optional

Filter by actor email addresses

Example: ["[email protected]"]

actionsstring[]Optional

Filter by action names

Example: ["inventory:sync","inventory:masterTypeAgg"]

target_typesstring[]Optional

Filter by target types

Example: ["workflow","resource"]

target_idsstring[]Optional

Filter by target IDs

Example: ["wf-123"]

scopesstring[]Optional

Filter by scope/domain

Example: ["inventory","workflows"]

start_timestring · date-timeOptional

Filter activities after this time (inclusive, RFC3339 format)

Example: 2025-12-01T00:00:00Z

end_timestring · date-timeOptional

Filter activities before this time (inclusive, RFC3339 format)

Example: 2025-12-31T23:59:59Z

limitinteger · max: 5000Optional

Maximum number of activities to return

Default: 100Example: 50

offsetintegerOptional

Number of activities to skip for pagination

Default: 0Example: 0

sort_bystringOptional

Field to sort results by

Default: event_timeExample: event_time

sort_orderstring · enumOptional

Sort order

Default: descExample: descPossible values:

Responses

200

Successful query

application/json

400

Invalid request parameters

application/json

500

Internal server error

application/json

post

/audit-log/activities

POST /v2/audit-log/activities HTTP/1.1
Host: api.firefly.ai
Content-Type: application/json
Accept: */*
Content-Length: 23

{
  "limit": 10,
  "offset": 0
}

{
  "activities": [
    {
      "id": "66169d5af4992fc0bab04510-0-0-1234567890",
      "event_time": "2025-12-10T14:07:57.388Z",
      "source": "api-gateway",
      "account_id": "66169d5af4992fc0bab04510",
      "actor": {
        "type": "api",
        "id": "system",
        "email": "[email protected]"
      },
      "action": "inventory:sync",
      "target": {
        "type": "workflow",
        "id": "wf-123"
      },
      "scope": "inventory",
      "method": "API",
      "status": "success"
    }
  ],
  "total": 150,
  "has_more": true,
  "facets": {
    "actor_emails": [
      {
        "key": "[email protected]",
        "count": 100
      },
      {
        "key": "[email protected]",
        "count": 50
      }
    ],
    "scopes": [
      {
        "key": "inventory",
        "count": 120
      },
      {
        "key": "workflows",
        "count": 30
      }
    ],
    "statuses": [
      {
        "key": "success",
        "count": 140
      },
      {
        "key": "failure",
        "count": 10
      }
    ]
  }
}

PreviousIdentity & Access Management NextSecurity & Compliance

Last updated 2 days ago

Was this helpful?

hashtagQuery Activities

hashtagQuery activities

Free-Text Search

Facets

Query Activities

Query activities