Activity Logs

AutoCom maintains comprehensive activity logs for security auditing, compliance, and troubleshooting. All significant user actions are automatically recorded.

Overview

The activity logging system tracks:

  • Security events - Login, logout, password changes
  • Team events - Invitations, role changes, member management
  • Data operations - CRUD operations on core entities
  • System events - Configuration changes, integrations

Permission Required

Viewing activity logs requires the admin.audit_log permission, typically assigned to admin and owner roles.

API Endpoints

List Activity Logs

Retrieve paginated activity logs with optional filtering.

GET /api/v1/activity-logs
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Query parameters:

  • action - Filter by action type (e.g., login, order.created)
  • user_id - Filter by user ID
  • subject_type - Filter by subject type (e.g., Order, User)
  • subject_id - Filter by subject ID
  • from - Start date (YYYY-MM-DD)
  • to - End date (YYYY-MM-DD)
  • per_page - Results per page (1-100, default 25)

Example:

GET /api/v1/activity-logs?action=login&from=2025-01-01&per_page=50

Response:

{
  "logs": [
    {
      "id": 123,
      "action": "login",
      "user": {
        "id": 1,
        "name": "John Doe"
      },
      "subject_type": "App\\Models\\User",
      "subject_id": 1,
      "metadata": {
        "ip": "192.168.1.100",
        "user_agent": "Mozilla/5.0..."
      },
      "created_at": "2025-01-27T08:30:00.000000Z"
    }
  ],
  "pagination": {
    "current_page": 1,
    "last_page": 5,
    "per_page": 25,
    "total": 112
  }
}

Get Log Details

Retrieve a single activity log entry with full details.

GET /api/v1/activity-logs/{id}
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Response:

{
  "log": {
    "id": 123,
    "action": "order.created",
    "user": {
      "id": 1,
      "name": "John Doe",
      "email": "john@example.com"
    },
    "subject_type": "App\\Models\\Order",
    "subject_id": 456,
    "subject": {
      "id": 456,
      "external_id": "ORD-001",
      "status": "pending"
    },
    "metadata": {
      "source": "api",
      "total": 99.99
    },
    "created_at": "2025-01-27T10:00:00.000000Z"
  }
}

List Available Actions

Get all action types that have been logged.

GET /api/v1/activity-logs/actions
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Response:

{
  "actions": [
    "login",
    "login_failed",
    "logout",
    "member.invited",
    "member.joined",
    "member.removed",
    "order.created",
    "order.updated",
    "password_changed",
    "role.assigned"
  ]
}

Security Events

Get security-related activity logs.

GET /api/v1/activity-logs/security
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Query parameters:

  • per_page - Results per page (1-100, default 25)

Response includes logs with these action types:

  • login - Successful logins
  • login_failed - Failed login attempts
  • logout - User logouts
  • password_changed - Password changes
  • password_reset_requested - Password reset requests
  • email_changed - Email address changes
  • email_verified - Email verifications

Team Events

Get team-related activity logs.

GET /api/v1/activity-logs/team
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Query parameters:

  • per_page - Results per page (1-100, default 25)

Response includes logs with these action types:

  • member.invited - Team invitations sent
  • member.joined - New members joined
  • member.removed - Members removed
  • member.suspended - Members suspended
  • role.assigned - Role changes

User Activity

Get activity for a specific user.

GET /api/v1/activity-logs/user/{userId}
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Query parameters:

  • limit - Maximum results (1-100, default 25)

Response:

{
  "logs": [
    {
      "id": 125,
      "action": "order.created",
      "subject_type": "App\\Models\\Order",
      "subject_id": 458,
      "created_at": "2025-01-27T11:00:00.000000Z"
    }
  ]
}

Export to CSV

Download activity logs as a CSV file for external analysis or compliance reporting.

GET /api/v1/activity-logs/export
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOi...
X-Tenant: your-tenant-id

Required parameters:

  • from - Start date (YYYY-MM-DD)
  • to - End date (YYYY-MM-DD)

Optional parameters:

  • action - Filter by action type
  • user_id - Filter by user ID
  • type - Filter by type: all, security, or team

Example:

GET /api/v1/activity-logs/export?from=2025-01-01&to=2025-12-31&type=security

Response headers:

Content-Type: text/csv
Content-Disposition: attachment; filename="activity-logs-2025-01-01-to-2025-12-31.csv"

CSV columns:

  • ID
  • Timestamp
  • Action
  • User ID
  • User Name
  • User Email
  • Subject Type
  • Subject ID
  • Metadata (JSON)
  • IP Address

Note: Export is limited to 10,000 records per request. For larger exports, use date range filtering to split into multiple requests.
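
The splitting described in the note above can be planned from record counts. This is an added example, not AutoCom's own code: it assumes `from` and `to` are inclusive, and the `count` callback is hypothetical (it could return `pagination.total` from the list endpoint for the same date range).

```typescript
const EXPORT_CAP = 10000; // per-request record limit stated in the note above
const DAY_MS = 86400000;

interface ExportWindow { from: string; to: string; total: number; overCap: boolean }

// Hypothetical callback: number of log records between two dates, e.g. taken from
// pagination.total of GET /api/v1/activity-logs?from=...&to=...&per_page=1
type CountFn = (from: string, to: string) => Promise<number>;

// Convert YYYY-MM-DD to a whole-day index (UTC) and back.
const toDay = (d: string): number => Date.parse(`${d}T00:00:00Z`) / DAY_MS;
const fromDay = (n: number): string => new Date(n * DAY_MS).toISOString().slice(0, 10);

// Halve the date range until every window holds at most EXPORT_CAP records.
async function planExport(from: string, to: string, count: CountFn): Promise<ExportWindow[]> {
  const start = toDay(from);
  const end = toDay(to);
  if (isNaN(start) || isNaN(end) || start > end) {
    throw new Error(`invalid date range: ${from}..${to}`);
  }
  const total = await count(from, to);
  if (total === 0) return []; // nothing to export for this range
  if (total <= EXPORT_CAP || start === end) {
    // A single day above the cap cannot be split by date; it is flagged so the
    // caller can narrow it with the action or user_id filter instead.
    return [{ from, to, total, overCap: total > EXPORT_CAP }];
  }
  const mid = Math.floor((start + end) / 2);
  const left = await planExport(from, fromDay(mid), count);
  const right = await planExport(fromDay(mid + 1), to, count);
  return left.concat(right);
}

// Build the documented export path for one planned window.
function exportPath(w: ExportWindow): string {
  return `/api/v1/activity-logs/export?from=${encodeURIComponent(w.from)}` +
    `&to=${encodeURIComponent(w.to)}`;
}
```

Windows returned with `overCap: true` need a further split by `action` or `user_id` before they are exported.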

Action Types

Security Actions

Action                    Description             Metadata
login                     Successful login        ip, user_agent
login_failed              Failed login attempt    ip, reason
logout                    User logged out         -
password_changed          Password was changed    via (reset_link, profile)
password_reset_requested  Reset link requested    ip
email_changed             Email address changed   from, to
email_verified            Email was verified      -
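
The `ip` metadata recorded on `login` and `login_failed` makes it possible to review the security feed for bursts of failed logins followed by a success from the same address. This is an added example, not AutoCom's own code; the threshold, the time window and the sample entries are assumptions constructed for illustration.

```typescript
// Entry shape follows the List Activity Logs response.
interface SecurityLog {
  id: number;
  action: string;
  user?: { id: number; name: string };
  metadata: Record<string, unknown>;
  created_at: string;
}
interface Finding { ip: string; failures: number; successLogId?: number }

// Trim the microsecond fraction to milliseconds so every JS engine parses it.
const ts = (s: string): number => Date.parse(s.replace(/\.(\d{3})\d*Z$/, ".$1Z"));

// Flag IPs with at least `threshold` login_failed events inside `windowMs`, and
// record the first successful login from the same IP that follows such a burst.
function findFailedLoginBursts(logs: SecurityLog[], threshold = 5, windowMs = 600000): Finding[] {
  const sorted = logs.slice().sort((a, b) => ts(a.created_at) - ts(b.created_at));
  const recent = new Map<string, number[]>(); // ip -> failure times still in window
  const findings = new Map<string, Finding>();
  for (const log of sorted) {
    const ip = log.metadata["ip"];
    if (typeof ip !== "string") continue; // e.g. logout carries no ip metadata
    const t = ts(log.created_at);
    const times = (recent.get(ip) ?? []).filter((x) => t - x <= windowMs);
    if (log.action === "login_failed") {
      times.push(t);
      recent.set(ip, times);
      if (times.length >= threshold) {
        const f: Finding = findings.get(ip) ?? { ip, failures: 0 };
        f.failures = Math.max(f.failures, times.length);
        findings.set(ip, f);
      }
    } else if (log.action === "login") {
      const f = findings.get(ip);
      if (f && f.successLogId === undefined && times.length >= threshold) f.successLogId = log.id;
    }
  }
  return Array.from(findings.values());
}

// Constructed sample: five failures then a success from one address, two from another.
const mk = (id: number, action: string, ip: string, minute: number): SecurityLog => ({
  id, action, metadata: { ip }, created_at: `2025-01-27T08:${minute}:00.000000Z`,
});
const SAMPLE_LOGS: SecurityLog[] = [
  ...[10, 11, 12, 13, 14].map((m, i) => mk(i + 1, "login_failed", "203.0.113.7", m)),
  mk(6, "login", "203.0.113.7", 15),
  mk(7, "login_failed", "198.51.100.4", 20),
  mk(8, "login_failed", "198.51.100.4", 21),
];
```

A finding with `successLogId` set is the one to triage first, since it marks a login that succeeded right after repeated failures from the same address.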

Team Actions

Action            Description            Metadata
member.invited    Invitation sent        email, role
member.joined     User joined team       role, via_invitation
member.removed    Member was removed     -
member.suspended  Member was suspended   -
role.assigned     Role was changed       old_role, new_role

Data Actions

Action            Description            Metadata
order.created     Order was created      Varies
order.updated     Order was updated      changes
order.deleted     Order was deleted      -
product.created   Product was created    -
customer.created  Customer was created   -

Frontend Integration

Activity Log Component

interface ActivityLog {
  id: number;
  action: string;
  user?: {
    id: number;
    name: string;
  };
  subject_type?: string;
  subject_id?: number;
  metadata: Record<string, any>;
  created_at: string;
}

interface PaginatedLogs {
  logs: ActivityLog[];
  pagination: {
    current_page: number;
    last_page: number;
    per_page: number;
    total: number;
  };
}

async function getActivityLogs(
  accessToken: string,
  tenantId: string,
  filters?: {
    action?: string;
    user_id?: number;
    from?: string;
    to?: string;
    page?: number;
    per_page?: number;
  }
): Promise<PaginatedLogs> {
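  // Copy only the filters that were actually set into the query string.
  const params = new URLSearchParams();
  if (filters) {
    Object.entries(filters).forEach(([key, value]) => {
      if (value !== undefined) {
        params.append(key, String(value));
      }
    });
  }

  const response = await fetch(`/api/v1/activity-logs?${params}`, {
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'X-Tenant': tenantId,
    },
  });

  // Fail on non-2xx responses (for example, when the caller lacks the
  // admin.audit_log permission) instead of parsing an error body as log data.
  if (!response.ok) {
    throw new Error(`Activity log request failed with status ${response.status}`);
  }

  return response.json();
}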

Retention Policy

Activity logs are retained based on the tenant's plan:

Plan        Retention Period
Free        30 days
Pro         90 days
Enterprise  1 year

Logs older than the retention period are automatically deleted.