Audit log export

Authorized compliance or security teams can export activity and usage logs for a date range. Export is available via a dedicated API using a compliance key (not the user session).

Endpoint

GET /api/compliance/audit-export

Authentication

Header X-Compliance-Key must match the server env COMPLIANCE_EXPORT_API_KEY. No session or API key is used for this endpoint.

Query parameters

• format — json (default) or csv
• from — Start date (ISO 8601)
• to — End date (ISO 8601). Default: now. If omitted, last 30 days from to.

Response

• Activity logs: user_id, activity_type, entity_type, entity_id, details, ip_address, user_agent, created_at
• Usage logs: user_id, workspace_id, action, resource_type, resource_id, metadata, created_at

CSV format returns a downloadable file with Content-Disposition: attachment.

Example

curl -H "X-Compliance-Key: YOUR_KEY" \
  "https://app.example.com/api/compliance/audit-export?format=csv&from=2025-01-01&to=2025-01-31" \
  -o audit-2025-01.csv

Related

• Compliance — Audit export API reference
• Permissions — Who can request export