Audit Log API

Query the workspace audit log. Every state-changing operation across the platform is recorded with action, resource type, actor, IP address, and metadata. Overseers can query across subordinate workspaces.

Endpoints

Method	Path	Description
`GET`	`/api/audit`	List audit log entries

Query Parameters

Parameter	Type	Default	Description
`limit`	number	50	Records per page (1-100)
`offset`	number	0	Pagination offset
`action`	string	-	Filter by action (e.g. CREATE, DELETE, APPROVE)
`entityType`	string	-	Filter by resource type (e.g. FORM, TABLE, MATTER)
`search`	string	-	Case-insensitive text search across action, resource, user name, and email
`crossWorkspace`	boolean	false	Include subordinate workspace logs (overseer only)
`excludeNoisy`	boolean	true	Exclude system events (page views, presence, favourites, emoji responses)

Example Response

{
  "logs": [
    {
      "id": "cm_audit_abc123",
      "action": "CREATE",
      "resource": "FORM",
      "resourceId": "cm_form_def456",
      "metadata": { "name": "Contact Us" },
      "ipAddress": "203.0.113.42",
      "userAgent": "Mozilla/5.0...",
      "createdAt": "2026-02-27T10:30:00.000Z",
      "user": {
        "name": "Will Lilley",
        "email": "will@example.com"
      },
      "organization": {
        "id": "cm_org_ghi789",
        "name": "Acme Corp"
      }
    }
  ],
  "pagination": {
    "total": 1234,
    "limit": 50,
    "offset": 0,
    "hasMore": true
  }
}

Common Action Values

The action field uses a mix of generic CRUD verbs and domain-specific identifiers. Common values:

Action	Description
`CREATE` / `UPDATE` / `DELETE`	Standard CRUD operations
`ARCHIVE` / `RESTORE`	Soft delete and recovery
`APPROVE` / `REJECT`	Approval workflows
`SHARE` / `SUBMIT`	Sharing and submissions
`SYNC` / `TRIGGER`	Pipelines and integrations
`AI_CHAT_MESSAGE`	AI assistant interactions
`addon.install` / `addon.uninstall`	Addon lifecycle

Common Resource Values

The resource field identifies what was acted on. Uses both SCREAMING_CASE and snake_case:

Resource	Description
`FORM`, `SUBMISSION`, `TABLE`	Core data models
`MATTER`, `MATTER_STEP`	Matter lifecycle
`DOCUMENT`, `WORKFLOW`	Knowledge base and automations
`table_row`, `table_column`	Table sub-resources
`INVOICE`, `DASHBOARD`	Accounting and reporting
`EXTERNAL_CONNECTION`, `PIPELINE_RUN`	External integrations

Notes

Audit log entries are immutable during their retention period and cannot be deleted via the API.
The metadata field is automatically sanitised to redact sensitive values (passwords, tokens, API keys).
Cross-workspace queries require the calling user to have active oversight relationships.
The Settings UI at Settings -> Audit Log provides a human-readable view with filtering and search.
Retention: Audit logs are retained per workspace configuration (default 180 days). Five tiers available: Standard (180d), Extended (1yr), Finance (7yr), Legal (25yr), Indefinite. Configure at Settings -> Organisation -> Retention.
Archive-before-delete: Expired logs are archived to JSON (AuditArchive table) before deletion. Archives are retained indefinitely for compliance evidence.
Retention API: GET/PUT /api/organizations/[orgId]/audit-retention. See SSO & SCIM docs for full reference.