Audit logs give your organization a tamper-evident record of every significant action taken across workspaces — who did what, when, and on which resource. Use them for security reviews, compliance investigations, and incident response.
Viewing audit logs
In the UI
Go to Settings → Enterprise → Audit Logs in your workspace. Logs are displayed in a table with the following columns:
| Column | Description |
|---|---|
| Timestamp | When the action occurred. |
| Event | The action taken, e.g. workflow.created. |
| Description | A human-readable summary of the action. |
| Actor | The email address of the user who performed the action. |
Use the search bar, event type filter, and date range selector to narrow results.
Via API
Audit logs are also accessible through the Sim API for integration with external SIEM or log management tools.
GET /api/v1/audit-logs
Authorization: Bearer <api-key>Query parameters:
| Parameter | Type | Description |
|---|---|---|
action | string | Filter by event type (e.g. workflow.created) |
resourceType | string | Filter by resource type (e.g. workflow) |
resourceId | string | Filter by a specific resource ID |
workspaceId | string | Filter by workspace |
actorId | string | Filter by user ID (must be an org member) |
startDate | string | ISO 8601 date — return logs on or after this date |
endDate | string | ISO 8601 date — return logs on or before this date |
includeDeparted | boolean | Include logs from members who have since left the organization (default false) |
limit | number | Results per page (1–100, default 50) |
cursor | string | Opaque cursor for fetching the next page |
Example response:
{
"data": [
{
"id": "abc123",
"action": "workflow.created",
"resourceType": "workflow",
"resourceId": "wf_xyz",
"resourceName": "Customer Onboarding",
"description": "Created workflow \"Customer Onboarding\"",
"actorId": "usr_abc",
"actorName": "Alice Smith",
"actorEmail": "alice@company.com",
"workspaceId": "ws_def",
"metadata": {},
"createdAt": "2026-04-20T21:16:00.000Z"
}
],
"nextCursor": "eyJpZCI6ImFiYzEyMyJ9"
}Paginate by passing the nextCursor value as the cursor parameter in the next request. When nextCursor is absent, you have reached the last page.
The API accepts both personal and workspace-scoped API keys. Rate limits apply — the response includes X-RateLimit-* headers with your current limit and remaining quota.
Event types
Audit log events follow a resource.action naming pattern. The table below lists the main categories.
| Category | Example events |
|---|---|
| Workflows | workflow.created, workflow.deleted, workflow.deployed, workflow.locked |
| Workspaces | workspace.created, workspace.updated, workspace.deleted |
| Members | member.invited, member.removed, member.role_changed |
| Permission groups | permission_group.created, permission_group.updated, permission_group.deleted |
| Environments | environment.updated, environment.deleted |
| Knowledge bases | knowledge_base.created, knowledge_base.deleted, connector.synced |
| Tables | table.created, table.updated, table.deleted |
| API keys | api_key.created, api_key.revoked |
| Credentials | credential.created, credential.deleted, oauth.disconnected |
| Organization | organization.updated, org_member.added, org_member.role_changed |
Common Questions
Self-hosted setup
Self-hosted deployments use environment variables instead of the billing/plan check.
Environment variables
AUDIT_LOGS_ENABLED=true
NEXT_PUBLIC_AUDIT_LOGS_ENABLED=trueOnce enabled, audit logs are viewable in Settings → Enterprise → Audit Logs and accessible via the API.