Skip to main content
GET
/
audit_logs
cURL
curl --request GET \
  --url https://production.knotapi.com/audit_logs \
  --header 'Authorization: Basic <encoded-value>'
{
  "data": [
    {
      "id": "c2d88312-1b26-6de8-a4cg-7f1a3h92g81",
      "datetime": "2025-12-25T08:15:30Z",
      "event": {
        "action": "secret.view",
        "outcome": {
          "status": "success"
        }
      },
      "actor": {
        "name": "Ada Lovelace",
        "email": "ada@lovelace.com"
      },
      "target": {
        "type": "secret",
        "name": null,
        "environment": "production"
      },
      "context": {
        "ip": "208.204.24.80",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
      }
    }
  ],
  "next_cursor": "eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9",
  "limit": 100
}

Logged actions

  • Authentication: Login attempts, 2FA changes, password resets
  • Users: Adding, updating, and removing Knot Dashboard users
  • Merchants: Activating, hiding, and exporting merchants
  • Webhooks: Creating, updating, and deleting webhook configurations
  • Access grants: Creating and revoking privileged access grants
  • Secrets: Viewing and rotating API secrets
  • SSO: Adding, updating, enabling, and disabling SAML configurations
  • Domains: Adding and removing allowlisted domains
  • Account: Account activation and app logo updates

Authorizations

Authorization
string
header
required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password. Use your client_id as the username and your secret as the password value.

Query Parameters

start
string<date-time>

Filter audit logs to those created on or after this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ).

Example:

"2025-01-01T00:00:00Z"

end
string<date-time>

Filter audit logs to those created on or before this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ).

Example:

"2025-12-31T23:59:59Z"

next_cursor
string

Cursor token for pagination. Use the next_cursor value from the previous response to retrieve the next page of results.

Example:

"eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9"

Response

Successful request.

data
object[]
next_cursor
string | null

Cursor token for the next page of audit logs. Null if there are no further results.

limit
integer

Number of items per page.

Example:

100