Get Audit Logs

cURL

curl --request GET \
  --url https://production.knotapi.com/audit_logs \
  --header 'Authorization: Basic <encoded-value>'

{
  "data": [
    {
      "id": "c2d88312-1b26-6de8-a4cg-7f1a3h92g81",
      "datetime": "2025-12-25T08:15:30Z",
      "event": {
        "action": "secret.view",
        "outcome": {
          "status": "success"
        }
      },
      "actor": {
        "name": "Ada Lovelace",
        "email": "ada@lovelace.com"
      },
      "target": {
        "type": "secret",
        "name": null,
        "environment": "production"
      },
      "context": {
        "ip": "208.204.24.80",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
      }
    }
  ],
  "next_cursor": "eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9",
  "limit": 100
}

GET

audit_logs

cURL

curl --request GET \
  --url https://production.knotapi.com/audit_logs \
  --header 'Authorization: Basic <encoded-value>'

{
  "data": [
    {
      "id": "c2d88312-1b26-6de8-a4cg-7f1a3h92g81",
      "datetime": "2025-12-25T08:15:30Z",
      "event": {
        "action": "secret.view",
        "outcome": {
          "status": "success"
        }
      },
      "actor": {
        "name": "Ada Lovelace",
        "email": "ada@lovelace.com"
      },
      "target": {
        "type": "secret",
        "name": null,
        "environment": "production"
      },
      "context": {
        "ip": "208.204.24.80",
        "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
      }
    }
  ],
  "next_cursor": "eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9",
  "limit": 100
}

Logged actions

Authentication: Login attempts, 2FA changes, password resets
Users: Adding, updating, and removing Knot Dashboard users
Merchants: Activating, hiding, and exporting merchants
Webhooks: Creating, updating, and deleting webhook configurations
Secrets: Viewing and rotating API secrets
SSO: Adding, updating, enabling, and disabling SAML configurations
Domains: Adding and removing allowlisted domains
Account: Account activation and app logo updates

Authorizations

Authorization

string

header

required

Basic authentication header of the form Basic <encoded-value>, where <encoded-value> is the base64-encoded string username:password. Use your client_id as the username and your secret as the password value.

Query Parameters

start

string<date-time>

Filter audit logs to those created on or after this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ).

Example:

"2025-01-01T00:00:00Z"

end

string<date-time>

Filter audit logs to those created on or before this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ).

Example:

"2025-12-31T23:59:59Z"

next_cursor

string

Cursor token for pagination. Use the next_cursor value from the previous response to retrieve the next page of results.

Example:

"eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9"

Response

Successful request.

data

object[]

Show child attributes

next_cursor

string | null

Cursor token for the next page of audit logs. Null if there are no further results.

limit

integer

Number of items per page.

Example:

100

Delete User & Data

⌘I

Overview

Development

Sessions

CardSwitcher

TransactionLink

SubscriptionManager

Shopping

Merchants

Merchant Accounts

Detected Accounts

Users

Audit Logs

Get Audit Logs

Logged actions

Authorizations

Query Parameters

Response

Overview

Development

Sessions

CardSwitcher

TransactionLink

SubscriptionManager

Shopping

Merchants

Merchant Accounts

Detected Accounts

Users

Audit Logs

​Logged actions

Authorizations

Query Parameters

Response

Logged actions