Audit Logs provide a comprehensive, searchable record of all API activity within your organization. Every request made to the Didit platform—whether from the Console, your integration, or team members—is automatically logged for security, compliance, and troubleshooting purposes.
This feature is essential for organizations that need to maintain regulatory compliance, investigate security incidents, or simply understand how their verification system is being used.
Why Audit Logs?
| Challenge | Solution with Audit Logs |
|---|---|
| Regulatory compliance requirements | Complete 1-year audit trail of all activity |
| Security incident investigation | Trace exactly who did what and when |
| Debugging integration issues | See the exact requests and responses |
| Team accountability | Track which team members accessed what data |
| Usage monitoring | Understand API consumption patterns |
🖥️ Accessing Audit Logs
Navigate to Audit Logs in your Didit Console sidebar under the Console & Dashboard section. The Audit Logs interface displays a chronological list of all API requests made within your organization.
Each log entry includes:
- Timestamp - When the request was made
- User - Email of the user who made the request (if authenticated)
- Method - HTTP method (GET, POST, PUT, DELETE, etc.)
- Path - The API endpoint that was called
- Status - HTTP response status code
- IP Address - Origin IP of the request
- Application - Which application the request was associated with
🔍 Filtering & Search
The Audit Logs interface provides powerful filtering capabilities to help you find exactly what you're looking for.
Smart Search
The search bar automatically detects what you're looking for:
| Search Type | Example | Behavior |
|---|---|---|
| Exact Path | /v1/organization/.../sessions/ | Finds logs with this exact request path |
| Exact Email | [email protected] | Finds logs from this specific user |
| Exact IP | 192.168.1.100 | Finds logs from this IP address |
| Wildcard | /v1/*/analytics/* | Matches patterns with wildcards |
| General Text | sessions | Fuzzy search across all fields |
Available Filters
| Filter | Description | Example |
|---|---|---|
| Application | Filter by specific application | Select from dropdown |
| Method | Filter by HTTP method | GET, POST, PUT, DELETE |
| Status Code | Filter by response status | 200, 401, 500 |
| Date Range | Filter by time period | Last 7 days, custom range |
Common Filter Combinations
Find all failed requests:
- Status Code:
400-599or specific error codes like401,403,500
Investigate a specific user's activity:
- Search:
[email protected] - Date Range: Select the relevant time period
Track verification session access:
- Search:
/v1/session/ - Method:
GET
Find all data modifications:
- Method:
POST,PUT,PATCH, orDELETE
📊 Data Retention
Audit logs are retained for 1 year (365 days) to meet common compliance requirements:
| Timeframe | Availability |
|---|---|
| Last 24 hours | ✅ Available |
| Last 7 days | ✅ Available |
| Last 30 days | ✅ Available |
| Last 90 days | ✅ Available |
| Last 365 days | ✅ Available |
| Older than 1 year | ❌ Automatically deleted |
Note: For extended retention requirements, please contact our support team to discuss enterprise options.
🔐 Security & Privacy
What's Logged
Audit logs capture metadata about API requests, including:
- Request timestamp and duration
- User identity (email, user ID)
- Request path and query parameters
- Response status codes
- Client IP address and user agent
What's NOT Logged
To protect sensitive data, the following are automatically excluded:
- Request/response bodies
- Authentication tokens and credentials
- Passwords and secrets
- Personal data from verification sessions
Access Control
Audit log access is restricted to users with Admin or Owner roles in your organization. Regular team members cannot view audit logs unless explicitly granted elevated permissions.
📋 Common Use Cases
Compliance Auditing
Demonstrate to auditors that you have complete visibility into who accessed verification data:
- Filter by date range matching the audit period
- Filter by specific applications or users if needed
- Export or screenshot the results for documentation
Security Investigation
If you suspect unauthorized access:
- Search for the affected user's email or suspicious IP addresses
- Filter by date range around the suspected incident
- Look for unusual patterns: failed authentication attempts, unexpected endpoints, odd hours
Integration Debugging
When troubleshooting API integration issues:
- Search for the specific endpoint path
- Filter by
4xxor5xxstatus codes to find errors - Note the timestamps to correlate with your application logs
Team Activity Review
Monitor how your team uses the platform:
- Filter by specific team member emails
- Review which sessions and features they accessed
- Ensure team members are following proper procedures
⚡ Best Practices
- Regular Reviews - Periodically review audit logs to catch anomalies early
- Narrow Your Search - Use specific filters to reduce noise and find relevant entries faster
- Date Ranges - Always specify a date range for better performance on large datasets
- Bookmark Searches - Save common filter combinations as browser bookmarks for quick access
🔗 Related Features
- Manual Review - Review verification sessions with full audit trail
- Analytics - Aggregate insights into your verification activity
- Workflows - Configure automated verification flows