> ## Documentation Index > Fetch the complete documentation index at: https://docs.knotapi.com/llms.txt > Use this file to discover all available pages before exploring further. # Get Audit Logs > Retrieve audit logs for employee usage of the Knot Dashboard. #### Logged actions * **Authentication**: Login attempts, 2FA changes, password resets * **Users**: Adding, updating, and removing Knot Dashboard users * **Merchants**: Activating, hiding, and exporting merchants * **Webhooks**: Creating, updating, and deleting webhook configurations * **Access grants**: Creating and revoking privileged access grants * **Secrets**: Viewing and rotating API secrets * **SSO**: Adding, updating, enabling, and disabling SAML configurations * **Domains**: Adding and removing allowlisted domains * **Account**: Account activation and app logo updates ## OpenAPI ````yaml GET /audit_logs openapi: 3.1.0 info: title: Knot API description: An API to interact with the Knot merchant connectivity platform. version: 1.0.0 servers: - url: https://development.knotapi.com description: Development server security: - basicAuth: [] paths: /audit_logs: servers: - url: https://production.knotapi.com description: Production server get: description: Retrieve audit logs for employee usage of the Knot Dashboard. operationId: audit_logs_get parameters: - name: start in: query required: false schema: type: string format: date-time example: '2025-01-01T00:00:00Z' description: >- Filter audit logs to those created on or after this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ). - name: end in: query required: false schema: type: string format: date-time example: '2025-12-31T23:59:59Z' description: >- Filter audit logs to those created on or before this timestamp. Must be in ISO 8601 format (YYYY-MM-DDTHH:MM:SSZ). - name: next_cursor in: query required: false schema: type: string example: eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9 description: >- Cursor token for pagination. Use the `next_cursor` value from the previous response to retrieve the next page of results. responses: '200': description: Successful request. content: application/json: schema: type: object properties: data: type: array items: type: object properties: id: type: string description: Unique identifier for the audit log entry. example: a0b66190-9e04-4bc6-82ae-5d98e1f70e59 datetime: type: string format: date-time description: >- ISO 8601 datetime (YYYY-MM-DDTHH:MM:SSZ) when the action occurred. example: '2025-12-23T15:48:58Z' event: type: object properties: action: type: string description: The action that was performed. example: merchant.hide outcome: type: object properties: status: type: string description: The outcome status of the action. example: success required: - status required: - action - outcome actor: type: object properties: name: type: string description: >- Name of the user that performed the action. `System` if no individual user performed the action. example: Ada Lovelace email: type: string description: >- Email address of the user that performed the action. example: ada@lovelace.com required: - name target: type: - object - 'null' description: '' properties: type: type: - string - 'null' enum: - webhook - secret - domain - user - merchant - null description: The type of target entity. example: merchant name: type: - string - 'null' description: The name of the target entity. example: Amazon Prime environment: type: - string - 'null' enum: - production - development - null description: The environment associated with the target. example: production required: - type - name - environment context: type: object properties: ip: type: string description: IP address from which the action was performed. example: 208.204.24.80 user_agent: type: string description: >- User agent string of the browser or client used to perform the action. example: Mozilla/5.0 ... required: - id - datetime - event - actor - target - context next_cursor: type: - string - 'null' description: >- Cursor token for the next page of audit logs. Null if there are no further results. limit: type: integer description: Number of items per page. example: 100 examples: ViewSecret: summary: Example audit log response for viewing a secret value: data: - id: c2d88312-1b26-6de8-a4cg-7f1a3h92g81 datetime: '2025-12-25T08:15:30Z' event: action: secret.view outcome: status: success actor: name: Ada Lovelace email: ada@lovelace.com target: type: secret name: null environment: production context: ip: 208.204.24.80 user_agent: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 next_cursor: eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9 limit: 100 HideMerchant: summary: Example audit log response for hiding a merchant value: data: - id: a0b66190-9e04-4bc6-82ae-5d98e1f70e59 datetime: '2025-12-23T15:48:58Z' event: action: merchant.hide outcome: status: success actor: name: Ada Lovelace email: ada@lovelace.com target: type: merchant name: Amazon Prime environment: null context: ip: 208.204.24.80 user_agent: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 next_cursor: eyJpZCI6MTIzNDU2LCJfcG9pbnRzVG9OZXh0SXRlbXMiOnRydWV9 limit: 100 UpdateWebhook: summary: Example audit log response for updating a webhook value: data: - id: b1c77201-0a15-5cd7-93bf-6e09f2g81f70 datetime: '2025-12-24T10:30:00Z' event: action: webhook.update outcome: status: success actor: name: Ada Lovelace email: ada@lovelace.com target: type: webhook name: null environment: production context: ip: 208.204.24.80 user_agent: >- Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36 next_cursor: null limit: 100 '400': description: Bad request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: InvalidStartDateFormat: summary: Invalid start date format value: error_type: INVALID_REQUEST error_code: INVALID_FIELD error_message: The start must be in ISO 8601 format. InvalidEndDateFormat: summary: Invalid end date format value: error_type: INVALID_REQUEST error_code: INVALID_FIELD error_message: The end must be in ISO 8601 format. InvalidCursorFormat: summary: Cursor format is invalid value: error_type: INVALID_REQUEST error_code: INVALID_CURSOR_FORMAT error_message: The provided cursor is invalid. '401': description: Unauthorized request. content: application/json: schema: $ref: '#/components/schemas/Error' examples: AuthFailed: summary: Auth failed value: error_type: INVALID_INPUT error_code: INVALID_API_KEYS error_message: Invalid client_id or secret provided. '500': description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/Error' examples: InternalServerError: summary: Unexpected server error value: message: Server Error components: schemas: Error: type: object properties: error_type: type: string description: Type of error. enum: - INVALID_INPUT - INVALID_REQUEST - USER_ERROR - SESSION_ERROR - MERCHANT_ACCOUNT_ERROR - MERCHANT_ERROR - SUBSCRIPTION_ERROR - TRANSACTION_ERROR - CART_ERROR example: INVALID_REQUEST error_code: type: string description: Error code. enum: - INVALID_API_KEYS - INVALID_FIELD - INVALID_JWE - INVALID_CURSOR_FORMAT - USER_NOT_FOUND - MERCHANT_ACCOUNT_NOT_FOUND - MERCHANT_ACCOUNT_DISCONNECTED - SESSION_NOT_FOUND - EXTEND_NOT_SUPPORTED - MERCHANT_UNAVAILABLE - NO_ACCESS - TRANSACTION_NOT_FOUND - NO_TRANSACTIONS - SUBSCRIPTION_NOT_FOUND - ONGOING_OPERATION - CART_NOT_FOUND - FULFILLMENT_NOT_FOUND example: INVALID_FIELD error_message: type: string description: Detailed error message. example: The limit may not be greater than 10. securitySchemes: basicAuth: type: http scheme: basic description: >- Basic authentication header of the form `Basic `, where `` is the base64-encoded string `username:password`. Use your `client_id` as the `username` and your `secret` as the `password` value. ````