Audit logs
Audit logs help Builders understand what changed in an app, who changed it, and when it happened.
When to open audit logs
Open Admin > Audit Logs when you need to answer:
- who changed an Auth setting?
- when was an API key rotated?
- who created or edited an organization?
- was a webhook endpoint changed?
- did a setup action happen in the wrong app?
- what changed before a user-visible issue started?
Filter activity
Use filters to narrow the log:
| Filter | Use it for |
|---|---|
| Action or event type | Find one kind of change. |
| Actor | Find changes by a specific Builder or system actor. |
| Date from | Start an investigation window. |
| Date to | End an investigation window. |
Set a narrow time range first. Expand only if the expected event is not visible.
Export logs
Use CSV for spreadsheet review. Use JSON for automation, support tooling, or deeper investigation.
Export only what you need. Audit logs can contain operational context and should be handled as internal operational data.
Investigation workflow
- Open the affected app.
- Open Admin > Audit Logs.
- Filter by the approximate time window.
- Search for the affected area, such as Auth, email, webhook, organization, or key.
- Identify the actor and event.
- Compare the current setting with the expected setting.
- Revert the change if safe.
- Rotate credentials if a secret may have been exposed.
What not to put in public tickets
Do not paste:
- passwords
- provider secrets
- API secret keys
- private tokens
- full exported user lists
- raw sensitive log payloads
Include only the minimum context needed for support or engineering review.
Related pages: