Audit logs

Audit logs are a record of workspace events in a single workspace. You retrieve the audit logs via a Torq step or the Torq API. The API key used to run the step or API call retrieves logs for the workspace the key was created on.

The rest of this article covers reference material for audit logs, including event types, entities, and so on.

To learn how to retrieve and consume audit logs, check out work with audit logs.

The following is a list of all events for which log entries are created. Entries in the audit log are created for create, update, and delete actions for the main resources in Torq. This means that log entries are NOT created for read actions. 

Generally, log entries are created immediately after the action is taken and are available immediately, but they could take several minutes (no more than 5 minutes). When you send a List audit logs request, the returned log entries are for the account on which the API key was created.

Users

• User invited

• User accepted invitation

• User role updated

• User deleted

• User logged in

• User logged out

• User switched accounts

Workflows

• Workflow created

• Workflow deleted

• Workflow updated

• Workflow published

• Workflow unpublished

• Workflow edited

• Workflow reverted

• Workflow enabled

• Workflow disabled

The workflow tags will be available in the tags array under extra_data for every log entry created for a workflow-related action. You can export the log data to filter, aggregate, and use it for automation according to the tags. If the workflow has no tags, the tags array won't exist in the log entry.

Workspace variables

• Workspace variable created

• Workspace variable updated

• Workspace variable deleted

Workflow Notifications

• Email address added

• Email address removed

• Webhook added

• Webhook removed

• Webhook authentication headers added

• Webhook authentication headers removed

• Webhook authentication headers updated

API Keys

• API key enabled

• API key deleted

Secrets

• Secret created

• Secret deleted

• Secret updated

Integrations

• Integration created

• Integration deleted

• Integration updated

Custom Steps

• Custom step created

• Custom step deleted

Runners

• Runner created

• Runner deleted

IdP Connections

• IdP connection created

• IdP connection updated

• IdP connection enabled

• IdP connection disabled

IdP Claims mappings

• IdP claims mapping created

• IdP claims mapping updated

• IdP claims mapping deleted

SSO

• User login failed

Sample entry log

{
   "account_id": "1d8*****-****-4f2a-****-*****fe50a57",
   "account_name": "mrsactor",
   "action": "Workflow updated",
   "actor_name": "Mrs. Actor ",
   "actor_type": "web_app",
   "email": "mrs.actor@torqy.io",
   "extra_data": {
     "revision_id": "f31bb***-f5**-48**-a1**-749cca80f2**",
     "tags": [
       "tag1",
       "tag2",
       "tag3"
     ]
   },
   "id": "8aa*****-****-40a8-b1b1-40811*******",
   "ip": "77.***.***.237",
   "resource_id": "a0f5b***-****-****-****-***7d91d38**",
   "resource_name": "Audit log (step)",
   "timestamp": "2022-05-15T08:51:11.900970Z",
   "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)    \t\t Chrome/101.0.****.5* Safari/537.36"
}