Apidog Docs
🇺🇸 English
  • 🇺🇸 English
  • 🇯🇵 日本語
  • 🇪🇸 Español
  • 🇰🇷 한국인
  • 🇨🇳 简体中文
  • 🇵🇹 Português (Portugal)
  • 🇮🇩 Bahasa Indonesia
  • 🇧🇷 Português (Brasil)
  • 🇻🇳 Tiếng Việt
  • 🇨🇳 繁體中文
🇺🇸 English
  • 🇺🇸 English
  • 🇯🇵 日本語
  • 🇪🇸 Español
  • 🇰🇷 한국인
  • 🇨🇳 简体中文
  • 🇵🇹 Português (Portugal)
  • 🇮🇩 Bahasa Indonesia
  • 🇧🇷 Português (Brasil)
  • 🇻🇳 Tiếng Việt
  • 🇨🇳 繁體中文
🇺🇸 English
  • 🇺🇸 English
  • 🇯🇵 日本語
  • 🇪🇸 Español
  • 🇰🇷 한국인
  • 🇨🇳 简体中文
  • 🇵🇹 Português (Portugal)
  • 🇮🇩 Bahasa Indonesia
  • 🇧🇷 Português (Brasil)
  • 🇻🇳 Tiếng Việt
  • 🇨🇳 繁體中文
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
HomeLearning Center
Support CenterAPI ReferencesDownloadChangelog
  1. Managing Organization
  • Apidog Learning Center
  • Getting Started
    • Introduction to Apidog
    • Basic Concepts in Apidog
    • Navigating Apidog
    • Quick Start
      • Overview
      • Creating an Endpoint
      • Making a Request
      • Adding an Assertion
      • Creating Test Scenarios
      • Sharing API Documentation
      • Explore More
    • Migration to Apidog
      • Overview
      • Manual Import
      • Scheduled Import (Bind Data Sources)
      • Import Options
      • Export Data
      • Import From
        • Import from Postman
        • Import from Stoplight
        • Import OpenAPI Spec
        • Import cURL
        • Import Markdowns
        • Import from Insomnia
        • Import from apiDoc
        • Import .har File
        • Import WSDL
  • Design APIs
    • Overview
    • Create a New API Project
    • Endpoint Basics
    • APl Design Guidelines
    • Module
    • Configure Multiple Request Body Examples
    • Components
    • Common Fields
    • Global Parameters
    • Endpoint Change History
    • Comments
    • Batch Endpoint Management
    • Custom Protocol API
    • Spec-first Mode (Beta)
    • Schemas
      • Overview
      • Create a New Schema
      • Build a Schema
      • Generate Schemas from JSON Etc
      • oneOf, allOf, anyOf
      • Using Discriminator
    • Security Schemes
      • Overview
      • Create a Security Scheme
      • Use the Security Scheme
      • Security Scheme in Online Documentation
    • Advanced Features
      • Custom Endpoint Fields
      • Associated Test Scenarios
      • Endpoint Status
      • Appearance of Parameter Lists
      • Endpoint Unique Identification
  • Develop and Debug APIs
    • Overview
    • Generating Requests
    • Sending Requests
    • Debugging Cases
    • Test Cases
    • Dynamic Values
    • Validating Responses
    • Design-First vs Request-First
    • Generating Code
    • AI Debugging
      • AI Agent Debugger
      • A2A Debugger
    • Environments & Variables
      • Overview
      • Using Variables
      • Environment Management
    • Vault Secrets
      • Overview
      • HashiCorp Vault
      • Azure Key Vault
      • AWS Secrets Manager
    • Pre and Post Processors
      • Overview
      • Assertion
      • Extract Variable
      • Wait
      • Security
      • Database Operations
        • Overview
        • MySQL
        • MongoDB
        • Redis
        • Oracle Client
      • Using Scripts
        • Overview
        • Pre Processor Scripts
        • Post Processor Scripts
        • Public Scripts
        • Postman Scripts Reference
        • Calling Other Programming Languages
        • Using JS Libraries
        • Visualizing Responses
        • Script Examples
          • Assertion Scripts
          • Using Variables
          • Modifying Requests
          • Other Examples
    • Dynamic Values Modules
  • Mock API Data
    • Overview
    • Smart Mock
    • Custom Mock
    • Mock Priority Sequence
    • Mock Scripts
    • Cloud Mock
    • Self-Hosted Runner Mock
    • Mock Language (Locales)
  • API Testing
    • Overview
    • Test Scenarios
      • Create a Test Scenario
      • Pass Data Between Requests
      • Flow Control Conditions
      • Sync Data from Endpoints and Endpoint Cases
      • Import Endpoints and Endpoint Cases from Other Projects
      • Export Test Scenarios
    • Run Test Scenarios
      • Run a Test Scenario
      • Run Test Scenarios in Batch
      • Data-Driven Testing
      • Shared Test Data
      • Scheduled Tasks
      • Manage Runtime Environment of APIs from Other Projects
    • Test Suite
      • Overview
      • Create A Test Suite
      • Orchestrate Test Suite
      • Run Test Suites Locally
      • Run Test Suites Via CLI
      • Scheduled Tasks
    • Test Reports
      • Test Reports
    • Test APIs
      • Integration Testing
      • Performance Testing
      • End-to-End Testing
      • Regression Testing
      • Contract Testing
    • Apidog CLI
      • Overview
      • Installing and Running Apidog CLI
      • Apidog CLI Commands & Options
    • CI CD
      • Overview
      • Integrate with Github Actions
      • Integrate with Gitlab
      • Integrate with Jenkins
      • Trigger Test by Git Commit
  • Publish API Docs
    • Overview
    • API Technologies Supported
    • Quick Share
    • Viewing API Documentation
    • Markdown Documentation
    • Publishing Documentation Sites
    • Custom Login Page
    • Custom Layouts
    • Custom CSS, JavaScript, HTML
    • Custom Domain
    • AI Features
    • SEO Settings
    • Advanced Settings
      • Documentation Search
      • CORS Proxy
      • Integrating Google Analytics
      • Folder Tree Settings
      • Visibility Settings
      • Embedding Values in Document URLs
    • API Versions
      • Overview
      • Creating API Versions
      • Publishing API Versions
      • Sharing Endpoints with API Versions
  • Send Requests
    • Overview
    • SSE Debugging
    • MCP Client
    • Socket.IO
    • WebSocket
    • Webhook
    • SOAP or WebService
    • GraphQL
    • gRPC
    • Use Request Proxy Agents for Debugging
    • Create Requests
      • Request History
      • Request Basics
      • Parameters and Body
      • Request Headers
      • Request Settings
      • Debug Requests
      • Saving Requests as Endpoints
      • HTTP/2
    • Response and Cookies
      • Viewing API Responses
      • Managing Cookies
      • Overview
    • Authentication and Authorization
      • Overview
      • CA and Client Certificates
      • Authorization Types
      • Digest Auth
      • OAuth 1.0
      • OAuth 2.0
      • Hawk Authentication
      • Kerberos
      • NTLM
      • Akamai EdgeGrid
  • Branches
    • Overview
    • Creating a Sprint Branch
    • Testing APIs in a Branch
    • Designing APIs in a Branch
    • Merging Sprint Branches
    • Managing Sprint Branches
    • AI Branch (Beta)
  • AI Features
    • Overview
    • Enabling AI Features
    • Generating Test Cases
    • Modifying Schemas with AI
    • Endpoint Compliance Check
    • API Documentation Completeness Check
    • AI-Powered Field Naming
    • FAQs
  • Apidog MCP Server
    • Overview
    • Connect Apidog Project to AI
    • Connect Published Documentation to AI
    • Connect OpenAPI Files to AI
  • Best Practices
    • Handling API Signatures
    • Accessing OAuth 2.0 Protected APIs
    • Collaboration Workflow
    • Managing Authentication State
  • Offline Space
    • Overview
  • Administration
    • Onboarding Checklist
      • Basic Concepts
      • Onboarding Guide
    • Managing Projects
      • Managing Projects
      • Notification Settings
      • Managing Project Members
      • Project Resources
        • Database Connection
        • Git Connection
    • Managing Teams
      • Managing Teams
      • Managing Team Members
      • Team Activities
      • Team Roles & Permissions
      • Team Resources
        • General Runner
        • Team Variables
        • Request Proxy Agent
      • Real-time Collaborations
        • Team Collaboration
    • Managing Organization
      • Managing Organization
      • Organization Role & Permissions
      • Audit Logs
      • Single Sign-On (SSO)
        • SSO Overview
        • Configuring Microsoft Entra ID
        • Configuring Okta
        • Configuring SSO for an Organization
        • Managing User Accounts
        • Mapping Groups to Teams
      • SCIM Provisioning
        • Introduction to SCIM Provisioning
        • Microsoft Entra ID
        • Okta
      • Plans Management
        • Billing Managers in Organizations
      • Organization Resources
        • Self-Hosted Runner
  • Billing
    • Overview
    • Credits
    • Upgrading Your Plan
    • Alternative Payment Methods
    • Managing Subscriptions
    • Moving Paid Teams to Organizations
  • Data & Security
    • Data Storage and Security
    • User Data Privacy and Security
    • Request Routing and Data Security
  • Add-ons
    • API Hub
    • Apidog Intellij IDEA Plugin
    • Browser Extension
      • Chrome
      • Microsoft Edge
    • Request Proxy
      • Request Proxy in Web
      • Request Proxy in Shared Docs
      • Request Proxy in Client
  • Account & Preferences
    • Account Settings
    • Generating OpenAPI Access Token
    • Notification
    • Language Settings
    • Hot Keys
    • Network Proxy Configuration
    • Backing Up Data
    • Updating Apidog
    • Deleting Account
    • Experimental Features
  • References
    • API Design-First Approach
    • Apidog OpenAPI Specificaiton Extensions
    • JSONPath
    • XPath
    • Regular Expressions
    • JSON Schema
    • CSV File Format
    • Installing Java Environment
    • Runner Deployment Environment
    • Apidog Markdown Syntax
    • Apidog Swagger Extensions
      • Overview
      • x-apidog-folder
      • x-apidog-status
      • x-apidog-name
      • x-apidog-maintainer
    • Apidog JSON Schema Extensions
      • Overview
      • x-apidog-mock
      • x-apidog-orders
      • x-apidog-enum
  • Apidog Europe
    • Apidog Europe
  • Support Center
  1. Managing Organization

Audit Logs

Audit Logs allow Enterprise organizations to review security-related organization activity in Apidog. Organization Owners and Organization Admins can use audit logs to check who performed an action, when it happened, which IP address it came from, and which organization resource was affected.
Audit Logs are available for Enterprise organizations. Audit log data is retained for 180 days.
Use Audit Logs for security reviews, internal audits, compliance checks, and investigating organization-level changes such as member updates, role changes, authentication activity, access token changes, SSO and SCIM activity, public access changes, and data exports.
image.png

Availability and Permissions#

RoleView audit logsExport CSVQuery with API
Organization OwnerSupportedSupportedSupported
Organization AdminSupportedSupportedSupported
Organization MemberNot supportedNot supportedNot supported
Audit Logs are organization-level logs. Authentication events are displayed only when Apidog can reliably attribute the event to the organization.

View Audit Logs#

1
Go to Organization Settings.
2
Navigate to Security section.
3
Select Audit Logs.
The Audit Logs page displays organization-level events in a table. Each log entry includes the actor, event, description, IP address, and time.

Filter Audit Logs#

Use filters to narrow the audit log list during an investigation.
FilterDescription
Time rangeFilter logs by Last 7 days, Last 30 days, Last 90 days, Last 180 days, or a custom time range within the 180-day retention period.
EventFilter logs by event type, such as member role changes, login failures, access token changes, or audit log exports.
ActorFilter logs by the user or integration that performed the action.
image.png

Export Audit Logs#

You can export audit logs as a CSV file for offline review, security assessments, or archival workflows. CSV exports use the filters currently applied on the Audit Logs page and include matching logs within the 180-day retention period.
1
Apply the Filters you want to use.
2
Click Export Audit Logs.
3
Download the generated CSV file.
Exporting audit logs is also recorded in Audit Logs as.

Query Audit Logs with API#

Enterprise organizations can query audit logs programmatically with the Audit Logs API. This is useful when your team wants to collect logs on a schedule and import them into an external SIEM, security monitoring system, or internal audit pipeline.
The Audit Logs API supports time-window queries and cursor pagination within the 180-day retention period. Each Audit Logs API query is recorded as a query summary including details, such as the caller, IP address, query window, limit, result, and timestamp. It does not copy the full returned payload into the audit log metadata.
Audit Logs support API-based log collection. Native SIEM connectors, Syslog, generic webhook forwarding, and real-time log streaming are not yet supported.

Sensitive Data Protection#

Audit logs are designed to record security-relevant activity without storing sensitive values. Apidog uses the same redaction policy in the Audit Logs page, CSV exports, and API responses.
Audit logs do not expose token values, passwords, secret values, raw SAML assertions, reset tokens, private keys, or exported content.
Event areaSensitive data handling
Access tokensToken values are not exposed.
SCIMSCIM token values are not exposed.
Shared documentsShared document passwords are not exposed.
Vault and secretsSecret values are not exposed.
SSORaw SAML responses and assertions are not exposed.
Data exportsExported file content is not copied into audit log metadata.

Supported Audit Log Events#

The following event categories are supported in Audit Logs.
CategoryDescription
Members and permissionsOne or more people were invited to join the organization.
Members and permissionsA user became an organization member, such as through invitation acceptance, SCIM provisioning, SSO just-in-time joining, project invite, or team transfer.
Members and permissionsA member's organization-level role was changed.
Members and permissionsA member was removed from the organization, including manual removal or SCIM deprovisioning.
Members and permissionsAn organization member was added to a team.
Members and permissionsA member's role within an organization team was changed.
Members and permissionsA member was removed from an organization team.
Members and permissionsTeam membership was updated by SAML group mapping or directory sync.
Organization boundaryAn existing team was moved into the organization.
Members and permissionsA custom organization project role was created.
Members and permissionsA custom organization project role was changed, such as its name or permissions.
Members and permissionsA custom organization project role was deleted.
Access tokensAn access token was created. Token values are not exposed.
Access tokensAccess token settings were changed. Token values are not exposed.
Access tokensAn access token was regenerated or rotated. Old and new token values are not exposed.
Access tokensAn access token was deleted or revoked.
Authentication and sessionsA user signed in successfully.
Authentication and sessionsA sign-in attempt failed.
Authentication and sessionsA SAML SSO sign-in failed.
Authentication and sessionsA user signed out.
SSO and SCIMThe organization's SSO configuration was created or changed.
SSO and SCIMThe SCIM provisioning token was reset or regenerated. The token value is not exposed.
SSO and SCIMA user was provisioned through SCIM.
SSO and SCIMA user was deprovisioned through SCIM.
Data exportA data export request or export job was created.
Audit log activityAudit logs were exported, such as through a CSV export.
Public access governanceA Docs Site's visibility or access settings changed.
Public access governanceA Docs Site domain setting changed, including custom domain changes.
Public access governanceA shared document's visibility or access settings changed.
Public access governancePassword protection for a shared document changed. Password values are not exposed.
Vault and secretsA vault provider configuration was created, changed, or deleted. Secret configuration values are not exposed.
Vault and secretsVault secret entries were changed. Secret values are not exposed.
Authentication and sessionsA user completed a password reset.
AuthorizationAccess to a protected resource or action was denied.
Audit log activityAudit logs were queried through the Audit Logs API.

FAQs#

Are Audit Logs the same as Team Activity?
No. Audit Logs focus on security-relevant organization activity and administrative actions. They are designed for organization-level security reviews, compliance checks, and audit workflows. Team Activity is used to track project and team collaboration activity.
Do Audit Logs include Resource History or rollback?
Do Audit Logs record full request and response bodies?
Modified at 2026-07-15 08:02:21
Previous
Organization Role & Permissions
Next
SSO Overview
Built with