Audit Logging.
How agent API requests are tracked and monitored.
Every authenticated Agent API request is automatically recorded in the Activity Logs. This provides a complete audit trail of all machine-to-machine operations—critical for security, compliance, and debugging.
How It Works
Audit logging runs in the terminate phase—after the response has already been sent to the client. This means:
- Zero latency impact — The client gets their response without waiting for the log to be written
- Automatic — No configuration required. Every authenticated request is logged.
- Integrated — Uses the same Activity Log system as all other platform events
What Gets Logged
Each agent request creates an activity log entry with:
| Field | Example | Description |
|---|---|---|
| Log Name | agent_api | Category for filtering |
| Event | agent_read, agent_write, agent_delete | Derived from HTTP method |
| Description | Agent GET /api/agent/v1/partner/clubs → 200 | Human-readable summary |
| Causer | Partner "Coffee Corner" | The key's owner (who) |
| Subject | AgentKey "POS Terminal 1" | The key used (which) |
| Endpoint | /api/agent/v1/partner/clubs | Full request path |
| Method | GET | HTTP method |
| Status Code | 200 | Response status |
| Key Prefix | rl_agent_a8f3k2m1 | Key identification |
| Owner Type | Partner | Role type |
| Scopes | ["read", "write:transactions"] | Key's permissions |
| IP Address | 192.168.1.100 | Client IP |
| User Agent | curl/8.1.2 | Client identifier |
| Timestamp | 2026-03-06 10:15:32 | When the request occurred |
Event Types
Events are derived from the HTTP method:
| HTTP Method | Event | Description |
|---|---|---|
| GET | agent_read | Data retrieval |
| POST | agent_write | Creation or operation |
| PUT / PATCH | agent_write | Update |
| DELETE | agent_delete | Deletion |
Viewing Agent Logs
Agent API activity appears in Activity Logs alongside all other platform events.
In the Partner Dashboard
Partners see their own agent API activity under Activity → Activity Logs:
- Category filter → Select Agent Keys to show only agent requests
- Event filter → Select Agent Read, Agent Write, or Agent Delete
- Subject filter → Select Agent Key to see which key was used
- Agent events display with visual badges: 👁 Read (info), ⚡ Write (primary), ❌ Delete (danger)
In the Admin Dashboard
Admins see all agent API activity across all partners:
- Same filters as above, plus filtering by partner (causer)
- Useful for monitoring platform-wide API usage and investigating issues
See Viewing Activity Logs for the full filtering interface.
What's NOT Logged
For security and performance:
- Request bodies are not logged (may contain PII or sensitive data)
- Response bodies are not logged (could be large)
- Failed authentication attempts are not logged here (the request never reaches the middleware that logs authenticated requests—AuthenticateAgent rejects them earlier)
- Health check details — Health checks are logged like any other request but contain no sensitive data
Monitoring Patterns
Detect Unusual Activity
Watch for:
| Pattern | What It Might Mean |
|---|---|
| High volume of agent_delete events | Unexpected bulk deletion |
| Requests from unfamiliar IPs | Key may be compromised |
| Many 403 status codes | Key being used beyond its scope |
| Requests outside business hours | Automated system or unauthorized use |
| Sudden spike in request volume | Integration error or abuse |
Audit After Key Compromise
If you suspect a key has been compromised:
- Revoke the key immediately (see Managing Keys)
- Filter Activity Logs for that key's prefix
- Review what endpoints were called and what data was accessed
- Create a new key with the same scopes for your legitimate integration
For Developers
Agent logs use the same Activity model as all other platform logs. If you're building custom analytics or monitoring:
```php
use App\Models\Activity;
use App\Models\Partner; // assumed: the Partner model lives in the same namespace

// Get all agent API logs
$agentLogs = Activity::agentApi()->latest()->get();

// Get agent logs for a specific partner ($partnerId is the partner's ID)
$partnerLogs = Activity::agentApi()
    ->where('causer_id', $partnerId)
    ->where('causer_type', Partner::class)
    ->latest()
    ->get();

// Get agent write and delete operations only
$writes = Activity::agentApi()
    ->forEvents(['agent_write', 'agent_delete'])
    ->latest()
    ->get();
```
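The "Watch for" patterns from Monitoring Patterns, expressed as a per-key check over log rows. This is an added example, not part of the platform's code. The row keys (`key_prefix`, `event`, `status_code`, `ip_address`, `timestamp`), the thresholds, the known-IP list and the sample rows are assumptions constructed for illustration; map your Activity records to this shape before calling it.

```php
<?php
// Added example: row keys, thresholds and sample rows are constructed assumptions.
function flagAgentActivity(array $rows, array $knownIps, array $limits): array
{
    $stats = [];
    foreach ($rows as $r) {
        $k = $r['key_prefix'];
        $stats[$k] ??= ['deletes' => 0, 'forbidden' => 0, 'new_ips' => [], 'off_hours' => 0];
        if ($r['event'] === 'agent_delete') {
            $stats[$k]['deletes']++;
        }
        if ((int) $r['status_code'] === 403) {
            $stats[$k]['forbidden']++;
        }
        if (!in_array($r['ip_address'], $knownIps[$k] ?? [], true)) {
            $stats[$k]['new_ips'][$r['ip_address']] = true; // de-duplicate per key
        }
        $hour = (int) (new DateTimeImmutable($r['timestamp']))->format('G'); // assumes local business time
        if ($hour < $limits['open_hour'] || $hour >= $limits['close_hour']) {
            $stats[$k]['off_hours']++;
        }
    }
    $findings = [];
    foreach ($stats as $k => $s) {
        if ($s['deletes'] >= $limits['max_deletes']) {
            $findings[$k][] = "agent_delete events: {$s['deletes']}";
        }
        if ($s['forbidden'] >= $limits['max_403']) {
            $findings[$k][] = "403 responses: {$s['forbidden']}";
        }
        if ($s['new_ips']) {
            $findings[$k][] = 'unfamiliar IPs: ' . implode(', ', array_keys($s['new_ips']));
        }
        if ($s['off_hours'] > 0) {
            $findings[$k][] = "requests outside business hours: {$s['off_hours']}";
        }
    }
    return $findings;
}
// Constructed sample: one normal read, then two deletes from a new IP at night.
$row = fn ($event, $status, $ip, $ts) => ['key_prefix' => 'rl_agent_a8f3k2m1',
    'event' => $event, 'status_code' => $status, 'ip_address' => $ip, 'timestamp' => $ts];
$rows = [
    $row('agent_read', 200, '192.168.1.100', '2026-03-06 10:15:32'),
    $row('agent_delete', 200, '203.0.113.7', '2026-03-07 02:41:09'),
    $row('agent_delete', 403, '203.0.113.7', '2026-03-07 02:41:12'),
];
$limits = ['max_deletes' => 2, 'max_403' => 1, 'open_hour' => 8, 'close_hour' => 18];
print_r(flagAgentActivity($rows, ['rl_agent_a8f3k2m1' => ['192.168.1.100']], $limits));
```

Because events are derived from the HTTP method, a DELETE that was rejected with 403 still counts as an `agent_delete` event here, so a key probing beyond its scope shows up under both findings.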
Related Topics
- Activity Logs Overview — The full audit trail system
- Viewing Activity Logs — Filtering and searching logs
- Activity Log Analytics — Charts and metrics
- Authentication — Key security model
- Managing Keys — Revoking compromised keys