# Audit Logging



Audit logging provides a chronological record of changes made by users within the Socotra Insurance Suite.\
Users with `events.read` and `events.list` permissions can view audit log entries through the [Events API](/api/events/events).\
New entries are added to the audit log whenever changes occur to entities like quotes, policies, and invoices.

Refer to our documentation on [Event Definitions](/configuration/general-topics/event-definitions) for a comprehensive list of [events](/configuration/general-topics/events) that support audit logging.

Use Cases [#use-cases]

Benefits of audit logging include:

* Detecting security breaches
* Investigating unauthorized activity and operational issues
* Fulfilling regulatory requirements
* Supporting legal documentation

Viewing the Audit Log [#viewing-the-audit-log]

Users can view a list of all audit log entries for a tenant within a time range through the <ApiLink name="fetchMultipleEvents">Fetch Multiple Events</ApiLink> API endpoint.

The request for this endpoint requires a tenant locator and a start timestamp and/or an end timestamp.

For example:

| **Parameter**  | **Value**              |
| -------------- | ---------------------- |
| tenantLocator  | 01Y8FGF6FGE5JAX        |
| startTimestamp | 2025-07-18T00:00:00.0Z |
| endTimestamp   | 2025-07-21T00:00:00.0Z |

Users can also search by [event type](/configuration/general-topics/event-definitions) using the `type` parameter.\
Limit the number of entries shown in the response using the `pageSize` parameter, and search by page ID using the `pagingToken` parameter.

For example:

| **Parameter** | **Value**                   |
| ------------- | --------------------------- |
| type          | policy.account.create       |
| pageSize      | 3                           |
| pagingToken   | eyJW1lDWkpBNUJFSlJYUkEifQ== |

The response from the <ApiLink name="fetchMultipleEvents">Fetch Multiple Events</ApiLink> API endpoint contains the following fields:

<ApiSchema name="EventResponse" />

Next Steps [#next-steps]

* [Secure Deployment](/features/security/secure-deployment)

See Also [#see-also]

* [Events](/configuration/general-topics/events)
* [Events API](/api/events/events)
* [Event Definitions](/configuration/general-topics/event-definitions)
* <ApiLink name="fetchEvent">
    Fetch an Event
  </ApiLink>
* <ApiLink name="fetchMultipleEvents">
    Fetch Multiple Events
  </ApiLink>
* <ApiLink name="fetchEventsForARequest">
    Fetch Events for an API Request
  </ApiLink>
* <ApiLink name="fetchScheduledPolicyEvents">
    Fetch Scheduled Policy Events
  </ApiLink>


## API Reference

EventResponse
Properties:
  locator (ulid, required)
  requestId (ulid, required) — Identifier of the transaction request that triggered the event
  userLocator (uuid, required)
  timestamp (datetime, required)
  type (string, required)
  data (map<string, object>, required)