Audit Log API
Query the workspace audit log. Every state-changing operation across the platform is recorded with action, resource type, actor, IP address, and metadata. Overseers can query across subordinate workspaces.
| Method | Path | Description |
|---|---|---|
| GET | /api/audit | List audit log entries |
| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | number | 50 | Records per page (1-100) |
| offset | number | 0 | Pagination offset |
| action | string | - | Filter by action (e.g. CREATE, DELETE, APPROVE) |
| entityType | string | - | Filter by resource type (e.g. FORM, TABLE, MATTER) |
| search | string | - | Case-insensitive text search across action, resource, user name, and email |
| crossWorkspace | boolean | false | Include subordinate workspace logs (overseer only) |
| excludeNoisy | boolean | true | Exclude system events (page views, presence, favourites, emoji responses) |
```json
{
  "logs": [
    {
      "id": "cm_audit_abc123",
      "action": "CREATE",
      "resource": "FORM",
      "resourceId": "cm_form_def456",
      "metadata": { "name": "Contact Us" },
      "ipAddress": "203.0.113.42",
      "userAgent": "Mozilla/5.0...",
      "createdAt": "2026-02-27T10:30:00.000Z",
      "user": {
        "name": "Will Lilley",
        "email": "will@example.com"
      },
      "organization": {
        "id": "cm_org_ghi789",
        "name": "Acme Corp"
      }
    }
  ],
  "pagination": {
    "total": 1234,
    "limit": 50,
    "offset": 0,
    "hasMore": true
  }
}
```
The action field uses a mix of generic CRUD verbs and domain-specific identifiers. Common values:
| Action | Description |
|---|---|
| CREATE / UPDATE / DELETE | Standard CRUD operations |
| ARCHIVE / RESTORE | Soft delete and recovery |
| APPROVE / REJECT | Approval workflows |
| SHARE / SUBMIT | Sharing and submissions |
| SYNC / TRIGGER | Pipelines and integrations |
| AI_CHAT_MESSAGE | AI assistant interactions |
| addon.install / addon.uninstall | Addon lifecycle |
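
An added example, not part of the platform's documentation or code: it walks the `limit`/`offset`/`hasMore` pagination described above and tallies destructive actions per actor and source IP. The transport is left as a `fetch(params)` callable because this page does not describe authentication; `SAMPLE`, `sample_fetch` and the `DESTRUCTIVE` set are constructed for illustration, and folding action names to upper case is this example's own choice.

```python
from collections import Counter

# Actions treated as destructive in this example (taken from the action table, upper-cased).
DESTRUCTIVE = {"DELETE", "ARCHIVE", "ADDON.UNINSTALL"}

# Constructed sample entries, trimmed to the fields used below.
SAMPLE = [
    {"id": "a1", "action": "DELETE", "ipAddress": "203.0.113.42", "user": {"email": "will@example.com"}},
    {"id": "a2", "action": "CREATE", "ipAddress": "203.0.113.42", "user": {"email": "will@example.com"}},
    {"id": "a3", "action": "addon.uninstall", "ipAddress": "203.0.113.42", "user": {"email": "will@example.com"}},
    {"id": "a4", "action": "DELETE", "ipAddress": "198.51.100.7", "user": {"email": "sam@example.com"}},
    {"id": "a5", "action": "ARCHIVE", "ipAddress": "203.0.113.42", "user": {"email": "will@example.com"}},
]


def sample_fetch(params):
    """Stand-in for GET /api/audit: serves SAMPLE in the documented response shape."""
    off, lim = params["offset"], params["limit"]
    logs = SAMPLE[off:off + lim]
    return {"logs": logs, "pagination": {"total": len(SAMPLE), "limit": lim,
                                         "offset": off, "hasMore": off + lim < len(SAMPLE)}}


def iter_audit_logs(fetch, limit=100, max_records=10_000, **filters):
    """Yield each entry once, walking pages with limit/offset until hasMore is false."""
    if not 1 <= limit <= 100:
        raise ValueError("limit must be between 1 and 100")
    seen, offset = set(), 0
    while offset < max_records:
        page = fetch({**filters, "limit": limit, "offset": offset})
        logs = page.get("logs", [])
        for entry in logs:
            # Offsets can shift while new events are being written; de-duplicate on id.
            if entry["id"] not in seen:
                seen.add(entry["id"])
                yield entry
        if not logs or not page.get("pagination", {}).get("hasMore"):
            return
        offset += len(logs)


def destructive_by_actor(entries):
    """Count destructive actions per (email, ipAddress), folding action case."""
    counts = Counter()
    for e in entries:
        if (e.get("action") or "").upper() in DESTRUCTIVE:
            counts[((e.get("user") or {}).get("email", "unknown"), e.get("ipAddress"))] += 1
    return counts
```

Calling `destructive_by_actor(iter_audit_logs(sample_fetch, limit=2))` runs the tally over the constructed sample; against a live workspace, pass a `fetch` that issues the real request with whatever authentication your deployment uses.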
The resource field identifies what was acted on. It uses both SCREAMING_CASE and snake_case:
| Resource | Description |
|---|---|
| FORM, SUBMISSION, TABLE | Core data models |
| MATTER, MATTER_STEP | Matter lifecycle |
| DOCUMENT, WORKFLOW | Knowledge base and automations |
| table_row, table_column | Table sub-resources |
| INVOICE, DASHBOARD | Accounting and reporting |
| EXTERNAL_CONNECTION, PIPELINE_RUN | External integrations |
- Audit log entries are immutable during their retention period and cannot be deleted via the API.
- The metadata field is automatically sanitised to redact sensitive values (passwords, tokens, API keys).
- Cross-workspace queries require the calling user to have active oversight relationships.
- The Settings UI at Settings -> Audit Log provides a human-readable view with filtering and search.
- Retention: Audit logs are retained per workspace configuration (default 180 days). Five tiers available: Standard (180d), Extended (1yr), Finance (7yr), Legal (25yr), Indefinite. Configure at Settings -> Organisation -> Retention.
- Archive-before-delete: Expired logs are archived to JSON (AuditArchive table) before deletion. Archives are retained indefinitely for compliance evidence.
- Retention API: GET/PUT /api/workspaces/[workspaceId]/audit-retention. See SSO & SCIM docs for full reference.