Security & Compliance
Audit Logs
Capture and correlate events for billing, API usage, and operational troubleshooting.
Overview
Audit logging should preserve actor, action, context, and outcome so incidents and billing/security investigations can be reconstructed reliably.
What You Will Learn
- How to structure high-signal events for publishing and credential operations.
- How to correlate request IDs, job IDs, pin IDs, and webhook deliveries.
- How to enforce retention and access boundaries for sensitive logs.
Implementation Checklist
- Log actor, workspace, action, timestamp, target resource, and outcome for every sensitive operation.
- Capture request_id and business identifiers (pin_id, schedule_id, webhook_id) for end-to-end traceability.
- Use immutable or append-only log storage where possible.
- Restrict audit log access to privileged operators with periodic access review.
- Define retention windows and incident export procedures in your runbooks.
Deep Dive
1) Event schema that holds up in incidents
A minimal schema is not enough for root-cause analysis; include enough context to reconstruct decisions and side effects.
- Required fields: actor, action, resource, timestamp, result, request_id.
- Include environment and workspace identifiers for multi-tenant clarity.
- Record validation and upstream failure context for failed operations.
2) Correlation strategy across systems
Use stable IDs to join API, queue, webhook, and billing timelines quickly.
- Store API request_id alongside your internal job/task IDs.
- Link webhook delivery records back to publish attempts.
- Keep correlation IDs visible in dashboards and incident tickets.
3) Access and retention governance
Audit logs can contain sensitive operational context, so access and retention policies must be explicit.
- Limit read/export permissions to authorized responders.
- Apply retention windows based on compliance and operational needs.
- Test audit export/recovery procedures before a real incident.