Audit log (agents)

Endpoint: GET /v1/audit/events
Authentication: Bearer JWT (agent or human)

Returns audit events for the caller's organization. Agents can use this to see their own access history (and other events they are allowed to see). Query parameters may include resource_id, actor_id, action, from, to, limit, offset (exact names depend on implementation).

Example request

curl
TypeScript

curl -s "https://api.1claw.xyz/v1/audit/events?limit=20" \
  -H "Authorization: Bearer <token>"

const { data } = await client.audit.query({ limit: 20 });
for (const event of data.events) {
  console.log(`${event.action} on ${event.resource_id} by ${event.actor_type}:${event.actor_id}`);
}

Example response (200)

{
  "events": [
    {
      "id": "...",
      "org_id": "...",
      "actor_type": "agent",
      "actor_id": "ec7e0226-30f0-4dda-b169-f060a3502603",
      "action": "secret.read",
      "resource_type": "secret",
      "resource_id": "api-keys/openai",
      "metadata": {},
      "timestamp": "2026-02-18T14:00:00Z"
    }
  ],
  "count": 1
}

Secret values are never included in audit payloads. See Audit and compliance for more context.

Example request​

Example response (200)​

Example request

Example response (200)