# Audit Logs

### Export Audit Log Events in CSV Format

```
GET /auth/action/logs?startTime={ISO_TIMESTAMP}&endTime={ISO_TIMESTAMP}
```

Gets all signature events which have occurred in the over the timeframe.  The max range the API supports is 7 days.\
\
StartTime and EndTime are URL encoded UTC ISO timestamps:\
`startTime=2025-08-29T02%3A46%3A40Z` \
`endTime=2025-09-01T02%3A46%3A40Z`

An additional optional query parameter, `userId` can be specified to filter down events to a particular user. API will return results found in CSV format.

#### Required Permissions

| Name           | Conditions      |
| -------------- | --------------- |
| Auth:Logs:Read | Always Required |

### Get Audit Log Details in JSON Format

```
GET /auth/action/logs/:id
```

Gets detailed information for a particular audit log. Specifically, the API returns:

| Name              | Value                                                                       |
| ----------------- | --------------------------------------------------------------------------- |
| publicKey         | Public Key which can be used to verify signature                            |
| signature         | Signature of the clientData and authenticatorData                           |
| clientData        | Information, including challenge, which you can use to verify the signature |
| authenticatorData | Used to verify the signature                                                |

Dfns maintains a script in this repository which can be used for audit log signature validation.\
<https://github.com/dfns/example-scripts>

#### Required Permissions

| Name           | Conditions      |
| -------------- | --------------- |
| Auth:Logs:Read | Always Required |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-legacy.dfns.co/d/api-docs/authentication/audit-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.