> ## Documentation Index > Fetch the complete documentation index at: https://docs.dfns.co/llms.txt > Use this file to discover all available pages before exploring further. # Get Audit Log > Gets detailed information for a particular audit log. Specifically, the API returns the action performed, as well as the `firstFactorCredential` in which you will find the signature information required to validate it. Dfns maintains a script which can be used for audit log signature validation: [WebAuthn Signature Verifier](https://github.com/dfns/example-scripts/tree/m/python/utils) ## OpenAPI ````yaml /openapi.yaml get /auth/action/logs/{id} openapi: 3.1.0 info: version: 1.807.0 title: Dfns servers: - url: https://api.dfns.io description: Default - Europe - url: https://api.uae.dfns.io description: UAE - url: https://api.dfns.ninja description: Staging security: [] paths: /auth/action/logs/{id}: get: tags: - Auth summary: Get Audit Log description: >- Gets detailed information for a particular audit log. Specifically, the API returns the action performed, as well as the `firstFactorCredential` in which you will find the signature information required to validate it. Dfns maintains a script which can be used for audit log signature validation: [WebAuthn Signature Verifier](https://github.com/dfns/example-scripts/tree/m/python/utils) parameters: - schema: anyOf: - type: string minLength: 1 maxLength: 64 pattern: ^uj-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: '' example: uj-22lhj-mp2ir-88at3r4cufpis60i - type: string minLength: 1 maxLength: 64 pattern: ^to-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: '' example: to-202a0-cdo33-o65mbt6q758lvvnt description: Log id you need information about. required: true description: Log id you need information about. name: id in: path responses: '200': description: Success content: application/json: schema: $ref: '#/components/schemas/AuditLog' security: - authenticationToken: [] components: schemas: AuditLog: type: object properties: id: anyOf: - type: string minLength: 1 maxLength: 64 pattern: ^uj-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: '' example: uj-22lhj-mp2ir-88at3r4cufpis60i - type: string minLength: 1 maxLength: 64 pattern: ^to-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: '' example: to-202a0-cdo33-o65mbt6q758lvvnt description: Log id. action: type: string description: Action performed. actionToken: type: string description: User Action Signature used as token for permorming this action. userId: type: - string - 'null' minLength: 1 maxLength: 64 pattern: ^us-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: User who performed the action. example: us-6b58p-r53sr-rlrd3l5cj3uc4ome username: type: - string - 'null' description: Username who performed the action. datePerformed: type: - string - 'null' format: date-time description: >- [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be UTC). When this action was signed. example: '2023-04-14T20:41:28.715Z' firstFactorCredential: type: object properties: id: type: string minLength: 1 maxLength: 64 pattern: ^cr-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$ description: Id of the credential used to sign this action. example: cr-6uunn-bm6ja-f6rmod5kqrk5rbel kind: allOf: - $ref: '#/components/schemas/CredentialKind' - type: - string - 'null' description: Kind of credential used to sign this action. publicKey: type: string description: Public Key which can be used to verify signature. assertion: type: - object - 'null' properties: authenticatorData: type: - string - 'null' description: >- Used to verify the signature for Fido2 credentials. Null for Key credentials, which sign clientData directly. clientData: type: string description: >- Information, including challenge, which you can use to verify the signature. signature: type: string description: >- Signature of the clientData (and authenticatorData for Fido2). required: - authenticatorData - clientData - signature description: >- Cryptographic signature evidence. Null when the action was recorded without a WebAuthn assertion (e.g. system-initiated actions or staff-flow org-owner creations). required: - id - kind - publicKey - assertion description: >- Cryptographic Signature details. Use these parameters if you want to validate the signature. required: - id - action - actionToken - userId - username - datePerformed - firstFactorCredential additionalProperties: false example: id: uj-4vs1l-5012b-95825381215t26u8 action: >- eyJwYXlsb2FkIjoie1wibmFtZVwi3215853bGlhXCJ9IiwibWV0aG9kIjoiUFVUIiwicGF0aCI6Ii93YWxsZX32584LTNsNmFwLXI0Y2J0LThqMDltaGh0YnU1MjQyYzgiLCJzZXJ2ZXIiOiJhcGkuZGZucy5pbyIsInN56534nkiOiJVcGRhdGUgd2FsbGV0IHdhLTNsNmFwLXI0Y2J0LThqMDlt84388jQyYzguIiwibm9uY2UiOiIifQ== actionToken: >- eyJ0eXAiOiJKV1QiLC453JFZERTQSJ9.eyJqdGkiOiJ1ai00dnMxbC01MDEyYi05NTg5Y3M0NXIy548nU4IiwiaXNzIjoiYXV0aC5kZm5zLmlvIiwiYXVk3543586XRoOnVzZXI6YWN0aW9uIiwic3ViIjoidXMtNG92aDQtNmEwaDgtODFvYWgwZmozdThsNmRqdC354348HBzOi8vY3VzdG9tL2FwcF9tZXRhZGF0YSI6eyJvcmdJZCI6Im9yLTFtZG9rLTV1dmgwLTllNzluOTlqNWE5azV1MWoiLCJmaXJzdEZhY3RvckNyZWRlbnRpYWxVdWlkIjoiY3ItN2JmcWstODl1YWctOG5scXZxdmd0NmR2ZDFtayIsInNlY29uZEZhY3RvckNyZWRlbnRpYWxVdWlkIjoiIiwiaGFzaCI6ImM5YTc5YjcxZjI0ZTRkMzJjNGJmN2M1NzlkYmQ3Y2RmZDRlNDUwOWFkMGM1ZmM5ZDVlNjEyYWFkODllMmQzOTYiLCJub25jZSI6Im5vLTVoMG44LWg5b211LTkxZHJqc2RjZnRxMzJmbmMifSwiaWF0IjoxNzYwMDE2MTg1LCJleHAiOjE3NjAwMTcwODV9.zva5vMQHkkbxGgk8IG2jHtbWOoftDA1ga_5INqLks2aCO9V29U3lWE9eE3Mu3M6z5SPHprF31BpIMW0jOzWbDA datePerformed: '2025-10-09T13:23:05.134Z' userId: us-4ovh4-6a0h8-81oa5584u8l6djt username: my-user@my-company.com firstFactorCredential: id: cr-7bfqk-89uag-8nlq12437958dvd1mk kind: Fido2 publicKey: | -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2315138132rYlwMzKbl458cZk yiHqVsN6QJRE/tqvqsdfq35eT8KEwjSGsh/Lv4LiWMFlnz/kIzjo6TCJpA== -----END PUBLIC KEY----- assertion: authenticatorData: k3SiDdanJToQdO2q1f3se58ELbhdGfzoZ3GRSPmOO9AdAAAAAA clientData: >- eyJ0eXBlIjoid2ViYXV0aG4uZ2V0qfses135ebmdlIjoiWlhsS2NGcERTVFpKYlU1dlRGUmFibGt5ZERKTVYwVXlZbnBXZGt4VWFIVmphbXd3V1ZkU2JrNHpXbk5QVjNOM1RVUlJhVXhEU25WaU1qVnFXbE5KTmtsdE5YWk1WRlUwWTBkVmVVeFVVblZaVkVGM1RGUm5lVTlIUlRKUFZFWXhZMjFPZEdFeVdYcE9WekJwVEVOS2QxbFliSE5pTWtaclUwZEdlbUZEU1RaSmJWSm9Xa2RhYkU5VVdUSmFSMVUxVFZSTk0xcEVUVFJQVjFFd1RrUlJlVTlFWXpGUFJFcHFUVlJKTVU1NlJYaE9hbWN6VFVkSk0xcEVTWGRaVjBsM1RsUlpNRmx0Vm14YWFtTXhUbGRLYWxwWFNYcE9Na2xwVEVOS2QxbFlVbTlKYW05cFRETmthR0pIZUd4a1NFMTJaREpGZEUweWR6SlpXRUYwWTJwU2FsbHVVWFJQUjI5M1QxY3hiMkZJVW1sa1ZGVjVUa1JLYWs5RFNYTkpiazR4WWxjeGFHTnVhMmxQYVVwV1kwZFNhR1JIVldka01rWnpZa2RXTUVsSVpHaE1WRTV6VG0xR2QweFlTVEJaTWtvd1RGUm9jVTFFYkhSaFIyZ3dXVzVWTVUxcVVYbFplbWQxU1c0dyIsIm9yaWdpbiI6Imh0dHBzOi8vYXBwLmRmbnMuaW8iLCJjcm9zc09yaWdpbiI6ZmFsc2V9 signature: >- MEYCIQDq2iXdlHcsqf13se5BlK1VJFiMQuV1x-HTj1efWvu5dKGgIhAJOudYr43QPWNQnxu1Y1U7PJ3pxjQNhx7kBb821HZJNk CredentialKind: type: string description: The kind of credential. enum: - Fido2 - Key - RecoveryKey - PasswordProtectedKey securitySchemes: authenticationToken: type: http scheme: bearer bearerFormat: JWT description: >- **Bearer Token:** Used to authenticate API requests. More details how to generate the token: [Authentication flows](https://docs.dfns.co/api-reference/auth/login-flows) ````