Audit Logs
Every significant action on the platform is recorded in the audit log, providing a complete trail for security reviews and compliance.
How It Works
The AuditRequest middleware automatically logs all POST, PUT, PATCH, and DELETE requests that return a successful HTTP response. No manual instrumentation is needed — any endpoint covered by the middleware is audited.
The AuditLog Model
Each audit entry captures:
user_id — the authenticated user who performed the action
user_email — the user's email (preserved even if the user is later deleted)
organization_id — the organization context, if applicable
event — a dot-notation event name
auditable_type — the model class affected (e.g., App\Models\User)
auditable_id — the ID of the affected record
old_values — JSON snapshot of the record before the change
new_values — JSON snapshot of the record after the change
ip_address — the client's IP address
user_agent — the client's user agent string
Event Types
Events follow a resource.action naming convention:
user.login / user.logout
user.created / user.updated / user.deleted
user.suspended / user.unsuspended
org.created / org.deleted
member.invited / member.removed / member.role_changed
api_key.created / api_key.revoked
subscription.created / subscription.cancelled
settings.updated
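The following is an added example, not part of the platform's code: a Python sketch that reviews exported audit entries using the fields and event names above, diffing old_values against new_values for high-impact events. The export shape, the App\Models\Member class, the snapshot keys and the choice of which events count as high-impact are assumptions made for illustration.

```python
import json

# Events from the list above that change access or remove data. Which ones
# to review is this example's assumption, not a platform setting.
HIGH_IMPACT = {"member.role_changed", "api_key.created", "user.suspended",
               "user.deleted", "org.deleted"}

def _snapshot(value):
    """old_values/new_values may be null, a JSON string, or a decoded dict."""
    if value in (None, ""):
        return {}
    return json.loads(value) if isinstance(value, str) else dict(value)

def changed_fields(entry):
    """Return {field: (before, after)} for each field that differs."""
    old = _snapshot(entry.get("old_values"))
    new = _snapshot(entry.get("new_values"))
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys())
            if old.get(k) != new.get(k)}

def review(entries):
    """Summarise high-impact entries: actor, source IP, target, field diff."""
    findings = []
    for e in entries:
        if e["event"] not in HIGH_IMPACT:
            continue
        findings.append({
            "event": e["event"],
            "actor": e.get("user_email") or f"user_id={e.get('user_id')}",
            "ip": e.get("ip_address"),
            "target": f"{e.get('auditable_type')}#{e.get('auditable_id')}",
            "changes": changed_fields(e),
        })
    return findings

# Constructed sample entries; App\Models\Member and snapshot keys are hypothetical.
SAMPLE = [
    {"user_id": 7, "user_email": "admin@example.com", "event": "member.role_changed",
     "auditable_type": "App\\Models\\Member", "auditable_id": 42,
     "old_values": '{"role": "viewer", "org": 3}',
     "new_values": '{"role": "owner", "org": 3}', "ip_address": "203.0.113.9"},
    {"user_id": 8, "user_email": "jane@example.com", "event": "user.login",
     "auditable_type": "App\\Models\\User", "auditable_id": 8,
     "old_values": None, "new_values": None, "ip_address": "198.51.100.4"},
    {"user_id": 7, "user_email": "admin@example.com", "event": "user.deleted",
     "auditable_type": "App\\Models\\User", "auditable_id": 9,
     "old_values": {"id": 9, "email": "former@example.com"},
     "new_values": None, "ip_address": "203.0.113.9"},
]
```

Calling review(SAMPLE) returns two findings: the role change from viewer to owner, and the deletion with every field of the old snapshot shown as removed.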
Admin Endpoints
The AdminAuditLogController provides admin access to the full audit trail.
List Audit Logs
GET /api/admin/audit-logs
Returns paginated results (50 per page). Supports search and filtering:
GET /api/admin/audit-logs?event=user.login&email=john@example.com&ip=192.168.1.1
Toggle Auditing
POST /api/admin/audit-logs/toggle
Enables or disables the audit system via the audit.enabled setting. When disabled, no new entries are recorded. Existing logs are preserved.
Purge Logs
DELETE /api/admin/audit-logs/purge
Permanently deletes all audit log entries. This action is irreversible and is itself recorded as a final audit entry before the purge executes.