The Audit Logs API provides programmatic access to user and system activity within the Celona platform. Customers can use audit logs to support security monitoring, compliance, troubleshooting, and operational visibility.
Audit records capture who performed an action, what action was taken, when it occurred, and from where.
Use Cases
Security and compliance auditing
Tracking administrative and user activity
Investigating configuration changes or operational events
Integrating audit data with SIEM and monitoring tools
Audit records capture who performed an action, what action was taken, when it occurred, and from where.
API Endpoint
GET
https://cso.celona.io/v1/api/audit/records
Authentication
All requests must be authenticated using an API key.
Request Headers
Header | Required | Description |
| Yes |
|
| Yes | Celona-issued API key |
Query Parameters
Parameter | Type | Required | Description |
| integer (epoch ms) | Yes | Start of the audit log time range. |
| integer (epoch ms) | Yes | End of the audit log time range. |
| string | No | Field to sort by (recommended: |
| string | No | Sort order: |
| integer | No | Page number (1-based). |
| integer | No | Number of records per page. |
Example Request
curl 'https://cso.celona.io/v1/api/audit/records?start-time=1764027318162&end-time=1764113718162&sort-columns=time&sort-direction=desc&page-index=1&page-size=25' \
-H 'accept: application/json, text/plain, */*' \
-H 'x-api-key: <your-api-key>'
Example Response
{
"code": 200,
"success": true,
"error": "",
"data": {
"total": 2,
"filtered": 2,
"records": [
{
"time": "2025-12-10T21:41:43Z",
"action": "added diagnostic tool request",
"accessType": "UI",
"statusCode": 200,
"userName": "John Doe",
"email": "johndoe@celona.io",
"userRole": "SuperAdmin",
"ip": "xxx.xx.xx.xxx",
"userAgent": "Safari",
"customerId": "99999999",
"details": [
{
"name": "Cluster ID",
"value": "10000xxxx-0-10000xxxx-397485xxx"
},
{
"name": "Script Name",
"value": "Edge - Execute Ping Command"
}
]
},
{
"time": "2025-12-10T15:30:43Z",
"action": "logged in",
"accessType": "UI",
"statusCode": 200,
"userName": "John Doe",
"email": "johndoe@celona.io",
"userRole": "Device Manager (Type - 1)",
"ip": "xxx.xx.xx.xxx",
"userAgent": "Edge",
"customerId": "99999999",
"details": []
}
]
}
}
Response Field Definitions
Top-Level Response
Field | Description |
| Indicates whether the request completed successfully. |
| Response status code. |
| Error message if the request fails. |
| Container for audit log results. |
Audit Data Object
Field | Description |
| Total number of audit records matching the query. |
| Number of records returned in the current page. |
| List of audit log entries. |
Audit Record Fields
Field | Description |
| Timestamp of the event (UTC, ISO 8601). |
| Description of the action performed. |
| How the action was initiated (e.g., UI or API). |
| Resulting status of the action. |
| Name of the user who performed the action. |
| User email address. |
| User role at the time of the action. |
| Source IP address. |
| Client application or browser. |
| Customer or tenant identifier. |
| Optional contextual information related to the action. |
Pagination
Audit records are paginated using page-index and page-size.
Start with
page-index=1Increment the page index to retrieve additional records
Time Format
Request parameters use Unix epoch time in milliseconds
Response timestamps are returned in UTC (ISO 8601)
Notes & Best Practices
Use narrow time ranges to improve query performance.
For compliance or SIEM integration, poll the API at regular intervals.
Store audit logs securely and according to your organization’s retention policies.