> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.

# List Audit Logs

> 
  Gets all signature events which have occurred in the over the timeframe. The time range is unbounded, but the export is capped at 100,000 rows. When the result is truncated, the `X-Dfns-Result-Truncated: true` response header is set and a trailing `# TRUNCATED ...` line is appended to the CSV; narrow the time range to retrieve all data.

StartTime and EndTime are URL-encoded UTC ISO timestamps:
`startTime=2025-08-29T02%3A46%3A40Z`   
`endTime=2025-09-01T02%3A46%3A40Z`   

An additional optional query parameter, `userId` can be specified to filter down events to a particular user. The API will return results found in CSV format.


Dfns maintains a script which can be used for audit log signature validation: [WebAuthn Signature Verifier](https://github.com/dfns/example-scripts/tree/m/python/utils)



#### Authentication

✅ Organization User (`CustomerEmployee`)\
❌ Delegated User (`EndUser`)\
✅ Service Account

#### Required Permissions

`Auth:Logs:Read`: Always required.


## OpenAPI

````yaml /openapi.yaml get /auth/action/logs
openapi: 3.1.0
info:
  version: 1.910.1
  title: Dfns
servers:
  - url: https://api.dfns.io
    description: Default - Europe
  - url: https://api.uae.dfns.io
    description: UAE
  - url: https://api.dfns.ninja
    description: <Deprecated> Staging
security: []
paths:
  /auth/action/logs:
    get:
      tags:
        - Auth
      summary: List Audit Logs
      description: >2+

          Gets all signature events which have occurred in the over the timeframe. The time range is unbounded, but the export is capped at 100,000 rows. When the result is truncated, the `X-Dfns-Result-Truncated: true` response header is set and a trailing `# TRUNCATED ...` line is appended to the CSV; narrow the time range to retrieve all data.

        StartTime and EndTime are URL-encoded UTC ISO timestamps:

        `startTime=2025-08-29T02%3A46%3A40Z`   

        `endTime=2025-09-01T02%3A46%3A40Z`   


        An additional optional query parameter, `userId` can be specified to
        filter down events to a particular user. The API will return results
        found in CSV format.



        Dfns maintains a script which can be used for audit log signature
        validation: [WebAuthn Signature
        Verifier](https://github.com/dfns/example-scripts/tree/m/python/utils)

      parameters:
        - schema:
            type: string
            format: date-time
            description: >-
              [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
              UTC). Start of the range.
          required: true
          description: >-
            [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
            UTC). Start of the range.
          name: startTime
          in: query
        - schema:
            type: string
            format: date-time
            description: >-
              [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
              UTC). End of the range. The export is capped at 100,000 rows.
          required: true
          description: >-
            [ISO 8601](https://en.wikipedia.org/wiki/ISO_8601) date (must be
            UTC). End of the range. The export is capped at 100,000 rows.
          name: endTime
          in: query
        - schema:
            type: string
            minLength: 1
            maxLength: 64
            description: Provide a user id to list events from that particular user only.
          required: false
          description: Provide a user id to list events from that particular user only.
          name: userId
          in: query
      responses:
        '200':
          description: Success
          content:
            text/csv:
              schema:
                type: string
                description: "List of event in CSV format. Content contains: \n        \n| Field | Type | description |\n| ----- | ---- | ----------- |\n| Date Performed | date-time | When the action was performed |\n| Audit Log ID | log id | id of the log (to use with [Get Audit Log](https://docs.dfns.co/api-reference/auth/get-audit-log)) |\n| User ID | user id | User id who performed the action |\n| Primary Credential ID | credential id | Credential used by the user |\n| Action Path\tSummary | string | Summary of this action |\n\nCheck out '[Get Audit Log](https://docs.dfns.co/api-reference/auth/get-audit-log)' response for more details about those fields.\n    "
                example: >-
                  Date Performed,Audit Log ID,User ID,Username,Primary
                  Credential ID,Action Path,Summary

                  2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update
                  wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8.
      security:
        - authenticationToken: []
components:
  securitySchemes:
    authenticationToken:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        **Bearer Token:** Used to authenticate API requests.

        More details how to generate the token: [Authentication
        flows](https://docs.dfns.co/api-reference/auth/login-flows)

````