Skip to main content

Get Activity Audits

Retrieve all audit events with comprehensive filtering and pagination. 
GET /api/v1/audits?pageNumber=1&pageSize=20&eventType=Activity&fromUtc=2026-03-01T00:00:00Z

Query Parameters

pageNumber
integer
default:"1"
Page number for pagination
pageSize
integer
default:"10"
Number of items per page (max 100)
sort
string
default:"occurredAtUtc desc"
Sort field and direction (e.g., “occurredAtUtc”, “severity desc”)
eventType
enum
Filter by event type:
  • EntityChange - Database entity changes
  • Security - Authentication/authorization events
  • Activity - General activity events
  • Exception - Exception and error events
severity
enum
Filter by severity level:
  • Trace
  • Debug
  • Information
  • Warning
  • Error
  • Critical
fromUtc
datetime
Start date/time for audit events (UTC)
toUtc
datetime
End date/time for audit events (UTC)
tenantId
string
Filter by tenant identifier
userId
string
Filter by user identifier
source
string
Filter by source system/module (e.g., “FSH.Modules.Identity”)
correlationId
string
Filter by correlation identifier to find related events
traceId
string
Filter by distributed tracing identifier
tags
flags
Filter by audit tags (bitwise flags):
  • 1 - PiiMasked
  • 2 - OutOfQuota
  • 4 - Sampled
  • 8 - RetainedLong
  • 16 - HealthCheck
  • 32 - Authentication
  • 64 - Authorization
search
string
Full-text search across audit event payloads

Authorization

Requires Permissions.Auditing.View permission.

Response

Returns a paginated list of audit events.
data
array
Array of audit summary objects
id
uuid
Unique audit event identifier
occurredAtUtc
datetime
When the event occurred
eventType
enum
Type of audit event (EntityChange, Security, Activity, Exception)
severity
enum
Event severity level
tenantId
string
Associated tenant identifier
userId
string
User who triggered the event
userName
string
Display name of the user
traceId
string
Distributed tracing identifier
correlationId
string
Correlation identifier for related events
requestId
string
HTTP request identifier
source
string
Source system or module
tags
flags
Bitwise flags for metadata
pageNumber
integer
Current page number
pageSize
integer
Items per page
totalCount
integer
Total number of matching audit events
totalPages
integer
Total number of pages
{
  "data": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "occurredAtUtc": "2026-03-06T14:23:15.123Z",
      "eventType": "Activity",
      "severity": "Information",
      "tenantId": "acme-corp",
      "userId": "user-123",
      "userName": "[email protected]",
      "traceId": "4bf92f3577b34da6a3ce929d0e0e4736",
      "correlationId": "abc123",
      "requestId": "0HN1234567890",
      "source": "FSH.Modules.Identity",
      "tags": 0
    },
    {
      "id": "660e9511-f3ac-52e5-b827-557766551111",
      "occurredAtUtc": "2026-03-06T14:22:08.456Z",
      "eventType": "EntityChange",
      "severity": "Information",
      "tenantId": "acme-corp",
      "userId": "user-456",
      "userName": "[email protected]",
      "traceId": "5cg03g4688c45db7b4df030e1f1f5847",
      "correlationId": "def456",
      "requestId": "0HN1234567891",
      "source": "FSH.Modules.Catalog",
      "tags": 1
    }
  ],
  "pageNumber": 1,
  "pageSize": 20,
  "totalCount": 2,
  "totalPages": 1
}

Event Types

Activity Events

Track general application activity:
  • HTTP Requests - API endpoint calls
  • Commands - CQRS command executions
  • Queries - CQRS query executions
  • Background Jobs - Scheduled task executions
  • Integrations - External system interactions
GET /api/v1/audits?eventType=Activity&userId=user-123

Entity Change Events

Track database modifications:
  • Insert, Update, Delete operations
  • Before/after values for changed fields
  • Entity type and identifiers
GET /api/v1/audits?eventType=EntityChange&fromUtc=2026-03-06T00:00:00Z

Common Use Cases

Track User Activity

Get all actions performed by a specific user: 
GET /api/v1/audits?userId=user-123&fromUtc=2026-03-01T00:00:00Z&pageSize=50

Monitor Tenant Activity

View all activity for a specific tenant: 
GET /api/v1/audits?tenantId=acme-corp&eventType=Activity

Investigate Errors

Find all error-level events: 
GET /api/v1/audits?severity=Error&fromUtc=2026-03-06T00:00:00Z

Debug Distributed Transactions

Trace related events using correlation ID: 
GET /api/v1/audits?correlationId=abc123

Search Audit Logs

Perform full-text search across audit payloads: 
GET /api/v1/audits?search=product%20deleted

Filtering by Tags

Use bitwise flags to filter by multiple tags: 
# Find events with PII that was masked (flag = 1)
GET /api/v1/audits?tags=1

# Find authentication events (flag = 32)
GET /api/v1/audits?tags=32

# Exclude health checks (use search parameter to filter out)
GET /api/v1/audits?search=-healthcheck

Sorting

Sort results by any field: 
# Most recent first (default)
GET /api/v1/audits?sort=occurredAtUtc desc

# Highest severity first
GET /api/v1/audits?sort=severity desc

# By user name
GET /api/v1/audits?sort=userName
Activity audits are retained according to your configured retention policy. High-severity events and those tagged with RetainedLong are kept longer.
Large date ranges and full-text searches may impact performance. Use specific filters when possible.

Build docs developers (and LLMs) love

Get started for freeTalk to us