Get all audit logs

curl --request GET \
  --url https://api.vantage.sh/v2/audit_logs \
  --header 'Authorization: Bearer <token>'

{
  "audit_logs": [
    {
      "token": "adt_lg_1234567890abcdef",
      "object_token": "rpt_1234567890abcdef",
      "object_type": "Report",
      "object_title": "Production Cost Report",
      "event": "record_updated",
      "source": "api",
      "user": "Example User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-07-01T14:30:00Z",
      "object_changes": {
        "title": [
          "Old Production Report",
          "Production Cost Report"
        ],
        "updated_at": [
          "2025-06-15T10:00:00Z",
          "2025-07-01T14:30:00Z"
        ]
      }
    },
    {
      "token": "adt_lg_0987654321fedcba",
      "object_token": "rpt_0987654321fedcba",
      "object_type": "Report",
      "object_title": "Development Cost Report",
      "event": "record_created",
      "source": "console",
      "user": "Example User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-06-25T09:15:00Z",
      "object_changes": {
        "key": [
          null,
          "api-created-tag-1755150452"
        ],
        "token": [
          null,
          "vtag_0497e0c2b571a71d"
        ],
        "backfill_until": [
          null,
          "2025-08-01T00:00:00.000Z"
        ],
        "created_by_type": [
          "User",
          "Team"
        ],
        "referenced_tag_keys_by_provider": [
          "{}",
          "{\"aws\":[]}"
        ],
        "account": [
          null,
          "Test Account"
        ],
        "created_by": [
          null,
          "Example User"
        ]
      }
    },
    {
      "token": "adt_lg_abcdef1234567890",
      "object_token": "bgt_abcdef1234567890",
      "object_type": "Budget",
      "object_title": "Q3 Marketing Budget",
      "event": "record_destroyed",
      "source": "api",
      "user": "Admin User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-06-20T16:45:00Z",
      "object_changes": {
        "title": [
          "test_1",
          "test_1_updated"
        ]
      }
    }
  ],
  "links": {
    "self": "/v2/audit_logs?page=1",
    "first": "/v2/audit_logs?page=1",
    "next": "/v2/audit_logs?page=2",
    "last": "/v2/audit_logs?page=3",
    "prev": null
  }
}

GET

audit_logs

Get all audit logs

curl --request GET \
  --url https://api.vantage.sh/v2/audit_logs \
  --header 'Authorization: Bearer <token>'

{
  "audit_logs": [
    {
      "token": "adt_lg_1234567890abcdef",
      "object_token": "rpt_1234567890abcdef",
      "object_type": "Report",
      "object_title": "Production Cost Report",
      "event": "record_updated",
      "source": "api",
      "user": "Example User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-07-01T14:30:00Z",
      "object_changes": {
        "title": [
          "Old Production Report",
          "Production Cost Report"
        ],
        "updated_at": [
          "2025-06-15T10:00:00Z",
          "2025-07-01T14:30:00Z"
        ]
      }
    },
    {
      "token": "adt_lg_0987654321fedcba",
      "object_token": "rpt_0987654321fedcba",
      "object_type": "Report",
      "object_title": "Development Cost Report",
      "event": "record_created",
      "source": "console",
      "user": "Example User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-06-25T09:15:00Z",
      "object_changes": {
        "key": [
          null,
          "api-created-tag-1755150452"
        ],
        "token": [
          null,
          "vtag_0497e0c2b571a71d"
        ],
        "backfill_until": [
          null,
          "2025-08-01T00:00:00.000Z"
        ],
        "created_by_type": [
          "User",
          "Team"
        ],
        "referenced_tag_keys_by_provider": [
          "{}",
          "{\"aws\":[]}"
        ],
        "account": [
          null,
          "Test Account"
        ],
        "created_by": [
          null,
          "Example User"
        ]
      }
    },
    {
      "token": "adt_lg_abcdef1234567890",
      "object_token": "bgt_abcdef1234567890",
      "object_type": "Budget",
      "object_title": "Q3 Marketing Budget",
      "event": "record_destroyed",
      "source": "api",
      "user": "Admin User",
      "workspace_title": "Production Workspace",
      "workspace_token": "wrkspc_5df510e54a48a137",
      "created_at": "2025-06-20T16:45:00Z",
      "object_changes": {
        "title": [
          "test_1",
          "test_1_updated"
        ]
      }
    }
  ],
  "links": {
    "self": "/v2/audit_logs?page=1",
    "first": "/v2/audit_logs?page=1",
    "next": "/v2/audit_logs?page=2",
    "last": "/v2/audit_logs?page=3",
    "prev": null
  }
}

Authorizations

Authorization

string

header

required

The access token received from the authorization server in the OAuth 2.0 flow.

Query Parameters

page

integer<int32>

The page of results to return.

limit

integer<int32>

The amount of results to return. Defaults to 100. The maximum is 5000.

user

integer<int32>

Filter by personal or service API token that performed the action.

workspace_token

string

Filter by workspace token.

action

enum<string>

Filter by action type.

Available options:

create,

update,

delete

object_name

string

Filter by object name.

source

enum<string>

Filter by source.

Available options:

console,

api,

finops_agent

object_type

enum<string>

Filter by object type.

Available options:

virtual_tag,

cost_report,

recommendation_commitment,

segment

token

string

Filter by audit log token.

object_token

string

Filter by object token (auditable_token).

start_date

string<date>

Filter by start date (ISO 8601 format, e.g., 2024-06-01).

end_date

string<date>

Filter by end date (ISO 8601 format, e.g., 2024-06-01).

Response

AuditLogs model

audit_logs

object[]

required

Show child attributes

links

object

Show child attributes

Delete anomaly notification

Get audit log by token

⌘I

Documentation Index

Authorizations

Query Parameters

Response