> ## Documentation Index > Fetch the complete documentation index at: https://docs.cekura.ai/llms.txt > Use this file to discover all available pages before exploring further. # List Audit Logs > List audit logs for an organization. Requires admin or organization API key access. Audit Logs provide a complete, time-stamped record of all actions performed within your organization. They help you answer key questions like: * **Who** made a change? * **What** changed? * **When** did it happen? * **Where** did it happen? ## What Can Be Tracked The audit logs API allows you to track changes across different types of objects in the platform, including: * Agents * Scenarios * Metrics * API Keys * Executions / Runs * Cron Jobs * Organization-level and Project-level settings For each of these objects, you can track **creation**, **updates**, **deletion**, and **execution or usage events** (where applicable). ## Streaming to a SIEM You can continuously pull audit logs in near real-time by periodically querying the API with a moving time window and forwarding the results to your SIEM system (e.g., Splunk, Datadog, ELK). **Approach:** 1. Maintain a `last_fetched_timestamp` 2. Call the Audit Logs API at regular intervals (e.g., every 5 minutes) 3. Fetch logs between `last_fetched_timestamp` and `now` 4. Push the results to your SIEM 5. Update `last_fetched_timestamp` Either `user_email` or `api_key_name` will be present for each log entry (not both). By default, audit logs are only retained for a year. ## OpenAPI ````yaml get /user/v1/audit-logs/ openapi: 3.1.0 info: title: Cekura API version: v1 description: >- Complete API documentation for the Cekura platform. This API provides endpoints for testing, observing, and evaluating AI voice agents — including managing agents, running evaluators, defining metrics, and analyzing call quality. servers: - url: https://api.cekura.ai security: [] paths: /user/v1/audit-logs/: get: tags: - user description: >- List audit logs for an organization. Requires admin or organization API key access. operationId: audit-logs-list parameters: - name: page required: false in: query description: A page number within the paginated result set. schema: type: integer - name: page_size required: false in: query description: Number of results to return per page. schema: type: integer - in: query name: organization_id schema: type: string description: Organization whose logs are being fetched required: true - in: query name: start_time schema: type: string description: >- Start of the time range for logs (ISO 8601, e.g. 2025-01-01T00:00:00Z). Defaults to 1 week ago. Max duration between start_time and end_time is 30 days. - in: query name: end_time schema: type: string description: >- End of the time range for logs (ISO 8601, e.g. 2025-12-31T23:59:59Z). Defaults to now. Max duration between start_time and end_time is 30 days. - in: query name: project_id schema: type: string description: Filter logs for a specific project - in: query name: user_email schema: type: string description: Filter logs for actions performed by a specific user - in: query name: object_type schema: type: string description: >- Type of object being tracked (e.g. aiagent, metric, scenario, api_key) - in: query name: object_id schema: type: string description: >- Unique identifier of the object. Must be used together with object_type - in: query name: action_type schema: type: string description: >- Higher-level classification of the action (e.g. object, run_scenarios) - in: query name: operation_type schema: type: string description: Type of operation performed (create, update, delete) responses: '200': content: application/json: schema: $ref: '#/components/schemas/PaginatedAuditLogList' description: '' security: - api_key: [] components: schemas: PaginatedAuditLogList: type: object required: - count - results properties: count: type: integer example: 123 next: type: string nullable: true format: uri example: https://api.cekura.ai/example/v1/example-external/?page=4 previous: type: string nullable: true format: uri example: https://api.cekura.ai/example/v1/example-external/?page=3 results: type: array items: $ref: '#/components/schemas/AuditLog' AuditLog: type: object properties: id: type: integer readOnly: true organization: type: - integer - 'null' readOnly: true description: Organization this audit log belongs to organization_name: type: - string - 'null' readOnly: true project: type: - integer - 'null' readOnly: true description: Project this audit log belongs to (if applicable) project_name: type: - string - 'null' readOnly: true user: type: - integer - 'null' readOnly: true description: User who performed the action (if authenticated user request) user_email: type: - string - 'null' readOnly: true api_key_name: type: - string - 'null' readOnly: true action_type: enum: - object - run_scenarios - run_scenarios_text - generate_scenarios - observability - null type: - string - 'null' x-spec-enum-id: cf4776ff93c477b3 readOnly: true description: |- Type of action performed * `object` - Object * `run_scenarios` - Run Scenarios * `run_scenarios_text` - Run Scenarios Text * `generate_scenarios` - Generate Scenarios * `observability` - Observability operation_type: enum: - create - update - delete - null type: - string - 'null' x-spec-enum-id: 776deda675315ff7 readOnly: true description: |- Type of operation performed * `create` - Create * `update` - Update * `delete` - Delete object_type: type: - string - 'null' readOnly: true object_id: type: - integer - 'null' readOnly: true timestamp: type: string format: date-time readOnly: true description: When the action was performed securitySchemes: api_key: type: apiKey name: X-CEKURA-API-KEY in: header description: >- API Key Authentication. It should be included in the header of each request. ````