Audit Logs
Aero2 automatically logs security-relevant events. Use the audit API to investigate activity, monitor for suspicious behavior, and meet compliance requirements.
Query Audit Logs
# Recent events (default: 50 per page)
curl https://aero2.dev/api/audit \
-H "Authorization: Bearer <admin_token>"
# Filter by event type
curl "https://aero2.dev/api/audit?event_type=user_login" \
-H "Authorization: Bearer <admin_token>"
# Filter by user
curl "https://aero2.dev/api/audit?user_id=<user_id>" \
-H "Authorization: Bearer <admin_token>"
# Filter by date range
curl "https://aero2.dev/api/audit?start_date=2026-02-01&end_date=2026-02-07" \
-H "Authorization: Bearer <admin_token>"
# Combine filters with pagination
curl "https://aero2.dev/api/audit?event_type=user_login&page=2&limit=25" \
-H "Authorization: Bearer <admin_token>"View Available Event Types
curl https://aero2.dev/api/audit/events \
-H "Authorization: Bearer <admin_token>"Returns event types with counts, useful for building dashboards:
{
"event_types": [
{ "event_type": "user_login", "count": 150 },
{ "event_type": "session_revoked", "count": 12 },
{ "event_type": "client_created", "count": 3 }
]
}View Event Details
curl https://aero2.dev/api/audit/<event_id> \
-H "Authorization: Bearer <admin_token>"User-Specific Audit History
View all events for a specific user:
curl https://aero2.dev/api/users/<user_id>/audit \
-H "Authorization: Bearer <admin_token>"Common Event Types
| Event | Trigger |
|---|---|
user_login | Successful authentication |
user_logout | User signed out |
user_created | New user registered |
user_updated | User profile modified |
user_deleted | User account removed |
session_revoked | Single session revoked |
session_revoked_all | All user sessions revoked |
client_created | OAuth client registered |
client_updated | Client configuration changed |
client_deleted | Client removed |
client_secret_rotated | Client secret regenerated |
role_assigned | Role given to user |
role_removed | Role taken from user |
idp_created | Identity provider configured |
idp_updated | IdP configuration changed |
idp_deleted | IdP removed |
identity_linked | External identity linked |
identity_unlinked | External identity removed |