Overview

EngageFabric’s Audit Logging system provides comprehensive tracking of all administrative actions, security events, and resource changes. This is essential for:
  • Compliance: Meet regulatory requirements (SOC 2, GDPR)
  • Security Monitoring: Detect suspicious activity in real-time
  • Accountability: Track who made changes and when
  • Debugging: Investigate issues with full audit trails
Audit logs are only accessible to users with Admin or Owner roles.

Querying Audit Logs

List Audit Logs

Retrieve paginated audit logs with optional filters:
curl -X GET "https://api.engagefabric.com/admin/audit-logs" \
  -H "Authorization: Bearer your-jwt-token" \
  -G \
  -d "tenantId=your-tenant-id" \
  -d "limit=50" \
  -d "offset=0"
Response:
{
  "data": [
    {
      "id": "log-uuid",
      "tenantId": "tenant-uuid",
      "projectId": "project-uuid",
      "adminId": "admin-uuid",
      "eventType": "XP_GRANTED",
      "action": "adjust_xp",
      "resource": "player",
      "resourceId": "player-uuid",
      "changes": {
        "before": { "xp": 1000 },
        "after": { "xp": 1500 }
      },
      "details": {
        "playerId": "player-uuid",
        "playerName": "John Doe",
        "amount": 500,
        "reason": "Customer support compensation"
      },
      "ipAddress": "192.168.1.1",
      "userAgent": "Mozilla/5.0...",
      "createdAt": "2025-12-01T10:30:00Z"
    }
  ],
  "total": 156,
  "limit": 50,
  "offset": 0
}

Get Single Audit Log

curl -X GET "https://api.engagefabric.com/admin/audit-logs/{logId}" \
  -H "Authorization: Bearer your-jwt-token"

Security Monitoring

Suspicious Activity

Retrieve audit logs flagged as suspicious:
curl -X GET "https://api.engagefabric.com/admin/audit-logs/suspicious/activity" \
  -H "Authorization: Bearer your-jwt-token" \
  -G \
  -d "tenantId=your-tenant-id" \
  -d "limit=20"
Suspicious activity includes:
  • Multiple failed authentication attempts
  • Unusual API key usage patterns
  • High-volume data exports
  • Permission escalation attempts

Recent Security Events

Get security-related events from the past N hours, set with the hours parameter:
curl -X GET "https://api.engagefabric.com/admin/audit-logs/security/events" \
  -H "Authorization: Bearer your-jwt-token" \
  -G \
  -d "hours=24" \
  -d "limit=100"

Resource Audit Trail

Track all changes to a specific resource:
curl -X GET "https://api.engagefabric.com/admin/audit-logs/resource/player/{playerId}" \
  -H "Authorization: Bearer your-jwt-token" \
  -G \
  -d "limit=50"
Supported Resource Types:
  • player - Player records
  • quest - Quest definitions
  • adventure - Adventure/season configurations
  • leaderboard - Leaderboard settings
  • rule - Rules engine rules
  • api-key - API key management

Event Types

| Event Type | Description |
| --- | --- |
| XP_GRANTED | XP added or removed from player |
| CURRENCY_GRANTED | Currency adjusted |
| LEVEL_UP | Player level increased |
| QUEST_COMPLETED | Quest marked as completed |
| BADGE_AWARDED | Badge granted to player |
| API_KEY_CREATED | New API key generated |
| API_KEY_REVOKED | API key deactivated |
| USER_LOGIN | Admin user logged in |
| USER_LOGOUT | Admin user logged out |
| SETTINGS_CHANGED | Project or tenant settings modified |
| RULE_CREATED | New rule added to rules engine |
| RULE_UPDATED | Existing rule modified |

Audit Log Retention

| Tier | Retention Period |
| --- | --- |
| Free | 7 days |
| Starter | 30 days |
| Pro | 90 days |
| Enterprise | Custom (up to unlimited) |

Audit logs older than your retention period are automatically deleted. Export important logs before they expire.

Best Practices

Regular Reviews

Schedule weekly reviews of audit logs to identify unusual patterns or unauthorized access attempts.

Export for Compliance

Export audit logs regularly for long-term storage and compliance requirements.
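
One way to run the export recommended here and in the retention note above, using the list endpoint's limit, offset and total fields. This is an added example, not EngageFabric's own code; the environment variable names, the output file name and the assumption that events logged during the export can shift offsets are illustrative.

```python
import json
import os
import urllib.parse
import urllib.request

API_URL = "https://api.engagefabric.com/admin/audit-logs"  # list endpoint from this page


def http_fetch(token, params):
    """GET one page of audit logs and return the decoded JSON body."""
    url = API_URL + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def export_audit_logs(fetch_page, tenant_id, out_path, limit=50):
    """Page through the list endpoint; write each log once as JSON Lines.

    fetch_page(params) must return a dict shaped like the documented
    response ("data", "total"). Returns the number of records written.
    """
    seen = set()
    offset = 0
    with open(out_path, "w", encoding="utf-8") as out:
        while True:
            page = fetch_page({"tenantId": tenant_id, "limit": limit, "offset": offset})
            records = page.get("data", [])
            if not records:
                break  # empty page: stop even if "total" claims more
            for rec in records:
                # Assumption: events logged while we page can shift offsets,
                # so a record may show up on two pages; keep the first copy.
                if rec["id"] not in seen:
                    seen.add(rec["id"])
                    out.write(json.dumps(rec, sort_keys=True) + "\n")
            offset += len(records)
            total = page.get("total")
            if total is not None and offset >= total:
                break
    return len(seen)


if __name__ == "__main__":
    # ENGAGEFABRIC_TOKEN and ENGAGEFABRIC_TENANT are hypothetical variable names.
    token = os.environ["ENGAGEFABRIC_TOKEN"]
    count = export_audit_logs(lambda p: http_fetch(token, p),
                              os.environ["ENGAGEFABRIC_TENANT"], "audit-logs.jsonl")
    print(f"exported {count} audit log records")
```

Scheduling the export at an interval shorter than your tier's retention period keeps the archive free of gaps.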

Set Up Alerts

Configure webhook notifications for critical security events to enable real-time monitoring.

Document Actions

Always provide meaningful reasons when making admin adjustments to maintain a clear audit trail.