List Audit Logs

curl --request GET \
  --url https://api.dfns.io/auth/action/logs \
  --header 'Authorization: Bearer <token>'

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

List Audit Logs

Gets all signature events which have occurred in the over the timeframe. The time range is unbounded, but the export is capped at 100,000 rows. When the result is truncated, the X-Dfns-Result-Truncated: true response header is set and a trailing # TRUNCATED ... line is appended to the CSV; narrow the time range to retrieve all data.

StartTime and EndTime are URL-encoded UTC ISO timestamps: startTime=2025-08-29T02%3A46%3A40Z
endTime=2025-09-01T02%3A46%3A40Z

An additional optional query parameter, userId can be specified to filter down events to a particular user. The API will return results found in CSV format.

Dfns maintains a script which can be used for audit log signature validation: WebAuthn Signature Verifier

GET

/

auth

/

action

/

logs

List Audit Logs

curl --request GET \
  --url https://api.dfns.io/auth/action/logs \
  --header 'Authorization: Bearer <token>'

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

Authentication

✅ Organization User (CustomerEmployee)
❌ Delegated User (EndUser)
✅ Service Account

Required Permissions

Auth:Logs:Read: Always required.

Authorizations

Authorization

string

header

required

Bearer Token: Used to authenticate API requests. More details how to generate the token: Authentication flows

Query Parameters

startTime

string<date-time>

required

ISO 8601 date (must be UTC). Start of the range.

endTime

string<date-time>

required

ISO 8601 date (must be UTC). End of the range. The export is capped at 100,000 rows.

userId

string

Provide a user id to list events from that particular user only.

Required string length: 1 - 64

Response

200 - text/csv

Success

List of event in CSV format. Content contains:

Field	Type	description
Date Performed	date-time	When the action was performed
Audit Log ID	log id	id of the log (to use with Get Audit Log)
User ID	user id	User id who performed the action
Primary Credential ID	credential id	Credential used by the user
Action Path Summary	string	Summary of this action

Check out 'Get Audit Log' response for more details about those fields.

Example:

"Date Performed,Audit Log ID,User ID,Username,Primary Credential ID,Action Path,Summary\n2025-10-09T13:23:05.134Z,uj-4vs1l-5012b-9589s12d57t26u8,us-4ovh4-6a0h8-81d2df5e2u8l6djt,my-user@my-company.com,cr-7bfqk-89uag-8nle1s2d3f8e6dvd1mk,/wallets/wa-3l6ap-r4cbt-8js1e2f3s8u5242c8,Update wallet wa-3l6ap-r4cbt-8j09mhse1f3s5e242c8."

Last modified on June 18, 2026

Create User Action Signature

⌘I