Represents a single audit log entry tracking a change or action performed on a resource within the system.
id string required
Unique identifier for the audit log entry. Format: log_ followed by alphanumeric characters.
timestamp string required
ISO 8601 timestamp when the action occurred.
resource_type string required
Type of resource that was modified. Values: assistant, thread, vector_store, rule, mcp_configuration, user, organization.
resource_id string required
Unique identifier of the resource that was modified.
resource_name string optional
Human-readable name of the resource at the time of the action.
action string required
Action that was performed. Values: created, updated, deleted, accessed, shared, archived, restored.
user_id string required
Unique identifier of the user who performed the action.
user_name string optional
Full name of the user who performed the action.
user_email string optional
Email address of the user who performed the action.
changes array optional
Array of field-level changes. Empty for created and deleted actions.
Show properties
Each change object contains:
field string required
Name of the field that changed. Uses dot notation for nested fields (e.g., tools.webSearch).
old_value any optional
Previous value of the field. Can be string, number, boolean, object, or array.
new_value any optional
New value of the field. Can be string, number, boolean, object, or array.
metadata object optional
Additional context about the action.
Show properties
ip_address string optional
IP address from which the action was performed.
user_agent string optional
User agent string of the client that performed the action.
source string optional
Source of the action. Values: web_ui, api, system, automation.
api_key_id string optional
API key ID if the action was performed via API.
session_id string optional
Session ID if the action was performed via web UI.
This object is returned by: