fastify-xadmin
Audit Log Route
Paginated admin audit log — GET /api/admin/audit-log with filtering by resource, action, user, and date range.
Audit Log Route
Stream paginated audit log entries for all admin actions. Entries are recorded automatically whenever users, roles, tenants, or impersonation sessions are created, updated, or deleted through the admin routes.
Route
GET /api/admin/audit-log
Usage
const response = await fetch(
"/api/admin/audit-log?page=1&limit=20&resource=user",
{ headers: { Authorization: `Bearer ${adminToken}` } }
);
const { entries, total } = await response.json();
Query Parameters
| Name | Type | Default | Description |
|---|---|---|---|
page | number | 1 | Page number (1-indexed). |
limit | number | 20 | Entries per page. |
resource | string | — | Filter by resource type: "user", "role", "tenant", "impersonation", "stripe". |
action | string | — | Filter by action: "created", "updated", "deleted". |
actorId | string | — | Filter entries caused by a specific admin user ID. |
targetId | string | — | Filter entries that affected a specific resource ID. |
from | string | — | ISO 8601 start date (inclusive), e.g. "2025-01-01". |
to | string | — | ISO 8601 end date (inclusive), e.g. "2025-03-31". |
Response
{
"entries": [
{
"id": "log_001",
"resource": "user",
"action": "updated",
"actorId": "usr_admin",
"actorEmail": "admin@example.com",
"targetId": "usr_123",
"meta": { "field": "role", "from": "member", "to": "admin" },
"createdAt": "2025-04-19T11:30:00.000Z"
}
],
"total": 342,
"page": 1,
"limit": 20
}
Entry Fields
| Field | Type | Description |
|---|---|---|
id | string | Unique log entry ID. |
resource | string | Resource type that was affected ("user", "role", "tenant", etc.). |
action | string | What happened: "created", "updated", or "deleted". |
actorId | string | ID of the admin who performed the action. |
actorEmail | string | Email of the admin for display. |
targetId | string | ID of the affected resource. |
meta | object | Action-specific detail (e.g. changed fields, old/new values). |
createdAt | string | ISO 8601 timestamp. |
Example — Filter by date range and resource
const params = new URLSearchParams({
resource: "tenant",
from: "2025-01-01",
to: "2025-03-31",
limit: "50",
});
const response = await fetch(`/api/admin/audit-log?${params}`, {
headers: { Authorization: `Bearer ${adminToken}` },
});
const { entries } = await response.json();
AI Context
package: "@xenterprises/fastify-xadmin"
routes:
- GET /api/admin/audit-log — paginated log of admin actions
filters: resource, action, actorId, targetId, from (ISO date), to (ISO date)
auto-recorded: user/role/tenant/impersonation/stripe admin operations
auth: requires the admin role set at plugin registration
See Also
- Users Routes — actions recorded when users are modified
- Impersonation — impersonation start/end events appear here