API Reference
Audit
Query the immutable audit log and export compliance data via the LaserData Audit API.
API Variables
ld-api-key
{tenant_id}
Set variables to auto-fill all examples and run requests in-browser.
The Audit API is hosted at https://audit.laserdata.cloud. It provides an immutable, append-only record of all operations in the tenant. Every Console action and API call is recorded.
Required permissions: audit:read
Event Types
List Audit Event Types
GET/audit/typesList all supported audit event type identifiers.
bash
curl https://audit.laserdata.cloud/audit/types \
-H "ld-api-key: YOUR_API_KEY"Audit Log
Query Tenant Audit Log
GET/audit/tenants/{tenant_id}Query the full audit log for a tenant, with filtering and pagination.
bash
curl "https://audit.laserdata.cloud/audit/tenants/{tenant_id}?page=1&results=10" \
-H "ld-api-key: YOUR_API_KEY"{
"items": [
{
"type": "deployment_created",
"name": "Deployment Created",
"author": { "id": 608123456789012345, "name": "Jane Smith" },
"user": null,
"division": { "id": 615380456123456790, "name": "Platform Engineering" },
"environment": { "id": 615380456123456791, "name": "production" },
"deployment": { "id": 611298765432109056, "name": "events-prod" },
"data": {
"cloud": "aws",
"area": "us",
"region": "us-east-1",
"variant": "managed",
"tier": "large",
"cluster_kind": "standalone",
"public_ip": "static",
"storage_type": "network_balanced",
"storage_size": 500,
"target_network_tput": 10000,
"encrypted": true,
"protected": true,
"retention": { "telemetry": { "logs_days": 90, "metrics_days": 90, "heartbeats_days": 90 } },
"code": "abc123",
"name": "events-prod",
"domain": "events-prod-abc123.laserdata.cloud",
"nodes": [
{
"id": 610809900976570889,
"name": "node-1",
"image_id": "ami-0abc123",
"variant": "ubuntu_x64",
"storage_type": "network_balanced"
}
]
},
"correlation_id": "8f4a2b6c9d1e4f3a8b5c7d9e0f1a2b3c",
"timestamp": "2025-01-15T10:30:00Z"
}
],
"page": 1,
"total_results": 1,
"total_pages": 1
}Each entry has the following shape (mirrors TenantAuditInfo in the SDK):
| Field | Description |
|---|---|
type | Event type slug (e.g. deployment_created, member_invited, access_rule_added) |
name | Human-readable label for the event type |
author | The user who performed the action. {id, name} or null for system events |
user | The user the action was performed on (member operations, role assignments). null when not applicable |
division / environment / deployment | Resource scope. Each is {id, name} or null depending on what the event touches |
data | Event-type-specific payload. Shape varies per event (see below). May be null for events with no extra payload |
correlation_id | UUID linking this event to others triggered by the same request or workflow. null if untracked |
timestamp | ISO 8601 time when the event was recorded |
The data payload is the rich context for each event. Examples:
deployment_created:{cloud, area, region, variant, tier, cluster_kind, public_ip, storage_type, storage_size, target_network_tput?, encrypted, protected, retention, code, name, domain?, nodes[]}(each node entry includesid, name, image_id, variant, storage_type)deployment_upgraded:{from_tier, to_tier, from_storage, to_storage}deployment_deleted:{name, code, reason?}access_rule_added/access_rule_deleted:{cidrs, description?, rules}(per-protocol toggles)member_invited:{email, roles}api_key_created/api_key_deleted:{name, role_id, division_id?}config_activated:{config_id, kind, name, version}
Use /audit/types for the full machine-readable enum of event types supported on your tenant.
| Query Parameter | Description |
|---|---|
page | Page number |
results | Items per page (max 100) |
from | Start time (ISO 8601) |
to | End time (ISO 8601) |
user | Filter by subject user id |
author | Filter by acting user id |
division | Filter by division id |
environment | Filter by environment id |
deployment | Filter by deployment id |
types | Comma-separated list of event types to include |
correlation_id | Find all events sharing a correlation UUID |