Audit Log

Aero2 records audit events for security-relevant actions: logins, logouts, role changes, client modifications, and more. Audit logs are scoped per application — each app only sees its own events. All audit endpoints require admin access.

GET/api/auditAdmin

Returns a paginated list of audit events. Supports filtering by event type, user, and date range.

Parameter	Type	Description
page query	number	Page number (default: 1)
limit query	number	Results per page (default: 50, max: 100)
event_type query	string	Filter by event type
user_id query	string	Filter by user ID
start_date query	string	Filter events after this date (ISO 8601)
end_date query	string	Filter events before this date (ISO 8601)

Response

{
  "audit_logs": [
    {
      "id": "audit-uuid",
      "user_id": "user-uuid",
      "user_email": "jane@example.com",
      "event_type": "user_login",
      "event_data": {
        "idp": "github"
      },
      "ip_address": "203.0.113.1",
      "user_agent": "Mozilla/5.0...",
      "created_at": "2026-02-01T10:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 50,
    "total": 1,
    "total_pages": 1
  }
}

GET/api/audit/:idAdmin

Returns details of a specific audit event.

Parameter	Type	Description
id* path	string	Audit event ID

Response

{
  "id": "audit-uuid",
  "user_id": "user-uuid",
  "user_email": "jane@example.com",
  "user_name": "Jane Doe",
  "event_type": "user_login",
  "event_data": {
    "idp": "github"
  },
  "ip_address": "203.0.113.1",
  "user_agent": "Mozilla/5.0...",
  "created_at": "2026-02-01T10:00:00Z"
}

GET/api/audit/eventsAdmin

Returns all distinct event types with their counts. Useful for building filter UIs.

Response

{
  "event_types": [
    {
      "event_type": "user_login",
      "count": 150
    },
    {
      "event_type": "session_revoked",
      "count": 12
    },
    {
      "event_type": "client_created",
      "count": 3
    }
  ]
}

GET/api/users/:id/auditAdmin

Returns audit events for a specific user.

Parameter	Type	Description
id* path	string	User ID
page query	number	Page number (default: 1)
limit query	number	Results per page (default: 50, max: 100)

Response

{
  "user": {
    "id": "user-uuid",
    "email": "jane@example.com"
  },
  "audit_logs": [
    {
      "id": "audit-uuid",
      "event_type": "user_login",
      "event_data": {
        "idp": "github"
      },
      "ip_address": "203.0.113.1",
      "user_agent": "Mozilla/5.0...",
      "created_at": "2026-02-01T10:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 50,
    "total": 1,
    "total_pages": 1
  }
}

Event Types

Common event types include:

Event	Description
`user_login`	User authenticated
`user_logout`	User signed out
`session_revoked`	Single session revoked
`session_revoked_all`	All sessions revoked
`client_created`	OAuth client registered
`client_deleted`	OAuth client removed
`role_assigned`	Role assigned to user
`role_removed`	Role removed from user
`idp_created`	Identity provider configured