List Audit Logs

curl --request GET \
  --url https://api.dfns.io/auth/action/logs \
  --header 'Authorization: Bearer <token>'

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

List Audit Logs

Gets all signature events which have occurred in the over the timeframe. The max range the API supports is 7 days.

StartTime and EndTime are URL-encoded UTC ISO timestamps:
startTime=2025-08-29T02%3A46%3A40Z
endTime=2025-09-01T02%3A46%3A40Z

An additional optional query parameter, userId can be specified to filter down events to a particular user. The API will return results found in CSV format.

Dfns maintains a script which can be used for audit log signature validation: WebAuthn Signature Verifier

GET

auth

action

logs

List Audit Logs

curl --request GET \
  --url https://api.dfns.io/auth/action/logs \
  --header 'Authorization: Bearer <token>'

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
✅ Service Account

Required Permissions

Auth:Logs:Read: Always required.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

Query Parameters

startTime

string<date-time>

required

ISO 8601 date (must be UTC). Start of the range.

endTime

string<date-time>

required

ISO 8601 date (must be UTC). End of the range. The max range the API supports is 7 days.

userId

string

Provide a user id to list events from that particular user only.

Required string length: 1 - 64

Response

200 - text/csv

Success

List of event in CSV format. Content contains:

Field	Type	description
Date Performed	date-time	When the action was performed
Audit Log ID	log id	id of the log (to use with Get Audit Log)
User ID	user id	User id who performed the action
Primary Credential ID	credential id	Credential used by the user
Action Path Summary	string	Summary of this action

Check out 'Get Audit Log' response for more details about those fields.

Example:

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

Create User Action Signature

Get Audit Log

⌘I

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

List Audit Logs

Authentication

Required Permissions

Authorizations

Query Parameters

Response

API Authorization

Identity & Access Management

Wallets & Transactions

Management

Webhooks

​Authentication

​Required Permissions

Authorizations

Query Parameters

Response

Authentication

Required Permissions