Audit Logs
Hookbase automatically logs all actions performed within your organization. Audit logs are immutable and cannot be modified or deleted.
What Gets Logged
Every create, update, and delete operation is recorded, including:
- Resource changes — Creating, updating, or deleting sources, destinations, routes, transforms, filters, and schemas
- Member management — Adding, removing, or changing member roles
- Security events — Login attempts, API key creation/revocation, 2FA changes, password changes
- Data operations — Import/export operations, bulk actions
- Configuration changes — Custom domain setup, notification channel changes, circuit breaker resets
Each log entry includes:
- Who — User ID, email, and display name
- What — Action type and affected entity
- When — Timestamp
- Where — IP address and user agent
- Details — Action-specific metadata (e.g., which fields changed)
Querying Audit Logs
In the Dashboard
Navigate to Settings → Audit Logs to browse and filter logs interactively.
Via the API
bash
# Recent activity
curl https://api.hookbase.app/api/audit-logs \
-H "Authorization: Bearer whr_your_api_key"
# Filter by action type
curl ".../audit-logs?action=source.deleted" \
-H "Authorization: Bearer whr_your_api_key"
# Filter by user
curl ".../audit-logs?userId=usr_abc123" \
-H "Authorization: Bearer whr_your_api_key"
# Date range
curl ".../audit-logs?from=2024-01-01&to=2024-01-31" \
-H "Authorization: Bearer whr_your_api_key"See Audit Logs API for the full reference.
Compliance Use Cases
SOC 2
Audit logs provide evidence for SOC 2 Type II requirements:
- CC6.1: Logical access security — track who accessed or modified what
- CC8.1: Change management — track all configuration changes
GDPR
Audit logs help demonstrate accountability:
- Track who accessed personal data
- Monitor changes to data processing configurations
- Provide evidence of security controls
HIPAA
For healthcare organizations:
- Track access to webhook configurations containing PHI
- Monitor API key usage and authentication events
Retention
Audit log retention varies by plan:
| Plan | Retention |
|---|---|
| Free | 7 days |
| Starter | 30 days |
| Pro | 90 days |
| Business | 365 days |
TIP
Export audit logs before the retention window expires if you need long-term archives for compliance.
Related
- Audit Logs API — Full API reference with action types
- Enterprise Security — Security overview