User Action Logs
Retrieves user activity logs from the last 30 days.
This endpoint fetches logs stored in PostgreSQL (recent logs within retention period). Logs older than 30 days are archived in S3 and must be accessed via the archived-download-urls endpoint.
Headers
Authorization*
HMAC {key}:{signature}:{nonce}:{timestamp}
Content-Type
application/json
Query Parameters
start_date
DateTime
Yes
Start date in ISO 8601 format. E.g., 2024-01-01T00:00:00Z
end_date
DateTime
Yes
End date in ISO 8601 format. Must be after start_date. E.g., 2024-01-31T23:59:59Z
action_type
String
No
Filter by action type. See action types list below
user_email
String
No
Filter by user email address
organization_machine_id
Integer
No
Filter by machine ID
Retention Policy
Logs from the last 30 days are stored in PostgreSQL (fast querying)
Logs older than 30 days are archived in S3
If date range extends beyond 30 days, only the recent portion is returned
Maximum 1000 logs returned per request
Action Types
machine_started
Machine was started
machine_stopped
Machine was stopped
machine_reset
Machine was reset to factory settings
machine_type_changed
Machine type was changed (upgrade/downgrade)
machine_external_access_created
External access token was created
machine_created
Machine was created
file_downloaded
File was downloaded
file_uploaded
File upload was completed
file_deleted
File or folder was deleted
folder_created
Folder was created
user_login
User logged in
Error Responses
400
Bad request (e.g., end_date is before start_date)
Response Fields
logs
Array
Array of log entry objects
logs[].id
Integer
Log entry ID
logs[].action_type
String
Action type (see action types table above)
logs[].user_id
Integer
User ID who performed the action
logs[].user_email
String
Email address of user who performed the action
logs[].machine_id
Integer
Machine ID (organization_machine_id). null if action not related to a machine
logs[].metadata
Object
Additional metadata specific to the action type. Structure varies by action
logs[].created_at
String
ISO 8601 timestamp when log was created
logs[].updated_at
String
ISO 8601 timestamp when log was last updated
count
Integer
Total number of logs returned (max 1000)
start_date
String
Start date used in query (ISO 8601)
end_date
String
End date used in query (ISO 8601)
note
String
Optional note if date range extends beyond retention period
Metadata Examples by Action Type
machine_started:
{ "machine_type_id": 1, "machine_type_name": "Standard", "region": "dublin" }machine_type_changed:
{ "old_machine_type_id": 1, "new_machine_type_id": 2, "machine_type_name": "Performance" }file_deleted:
{ "file_id": 123, "file_name": "document.pdf", "file_size": 1048576, "file_content_type": "application/pdf", "is_shared": false, "object_type": "file" }file_uploaded:
{ "file_id": 123, "file_name": "document.pdf", "file_size": 1048576 }
Response Example
Note
For logs older than 30 days, use the archived-download-urls endpoint. If the date range extends beyond the retention period, the response will include a note field indicating to use the archived endpoint.
(Required) Start date. ISO 8601 format (e.g., 2024-01-01T00:00:00Z)
2024-01-01T00:00:00Z(Required) End date. ISO 8601 format. Must be after start_date.
2024-01-31T23:59:59Z(Optional) Action type filter. E.g., machine_started, machine_stopped, file_downloaded
(Optional) Filter by user email
(Optional) Filter by machine ID
Generates presigned S3 download URLs for archived logs older than 30 days.
This endpoint provides download URLs for logs that have been archived to S3. Logs are archived monthly, so each URL typically contains one month of logs.
Headers
Authorization*
HMAC {key}:{signature}:{nonce}:{timestamp}
Content-Type
application/json
Query Parameters
start_date
DateTime
Yes
-
Start date in ISO 8601 format. Must be older than 30 days. E.g., 2023-01-01T00:00:00Z
end_date
DateTime
Yes
-
End date in ISO 8601 format. Must be older than 30 days. Must be after start_date. E.g., 2023-12-31T23:59:59Z
expires_in
Integer
No
600
Presigned URL validity duration in seconds. Default: 600 (10 minutes). Maximum recommended: 3600 (1 hour)
Restrictions
Can only be used for logs older than 30 days
Use the main
/user-action-logsendpoint for logs from the last 30 daysDate range must be entirely within the archived period
Validation
end_datemust be afterstart_dateBoth dates must be older than 30 days
Both dates must be in the past
Error Responses
400
Bad request.
Response Fields:
download_urls
Array
Array of presigned S3 download URLs. Each URL typically contains one month of logs
download_urls[]
String
Presigned S3 URL for downloading archived log file. URL expires after expires_in seconds
count
Integer
Number of download URLs generated
start_date
String
Start date used in query (ISO 8601)
end_date
String
End date used in query (ISO 8601)
Response Example:
Usage Instructions:
Download Files: Make HTTP GET requests to each URL in
download_urlsarrayFile Format: Files are in
.json.gzformat (gzip-compressed JSON)Content: Each file typically contains one month of logs in JSON format
Decompression: Decompress the
.gzfiles to get JSON dataURL Expiration: URLs expire after
expires_inseconds (default 10 minutes)Download Timing: Download all URLs promptly after receiving the response
File Structure: Each downloaded file contains an array of log objects with the same structure as the main endpoint response.
(Required) Start date. Must be older than 30 days.
2023-01-01T00:00:00Z(Required) End date. Must be older than 30 days.
2023-12-31T23:59:59Z(Optional) URL validity duration (seconds). Default: 600 (10 minutes)
600Last updated