Skip to main content
Veto records an audit log entry for every authorization decision. Logs are automatically scoped to your workspace — you can only query logs for your own agents.

The audit log entry object

id
string
required
UUID of the audit log entry.
agentId
string
required
UUID of the agent that made the authorization request.
action
string
required
The action that was authorized. Currently always "authorize".
toolName
string
required
Name of the tool that was requested.
parameters
object
required
The parameters that were passed with the tool call.
result
string
required
Outcome of the authorization check. One of "allowed", "denied", or "escalated".
policyId
string | null
required
UUID of the policy that produced this decision. null if no policy matched (default deny).
reason
string
required
Human-readable explanation of the decision.
latencyMs
number
required
Time in milliseconds that Veto spent evaluating this request.
timestamp
string
required
ISO 8601 timestamp of when the authorization check occurred.

GET /v1/audit-logs

Query audit logs with optional filters. Results are returned in reverse chronological order (newest first).

Query parameters

All parameters are optional.
agent_id
string
Filter by agent UUID.
action
string
Filter by action string (e.g., "authorize").
tool_name
string
Filter by tool name (exact match).
result
string
Filter by outcome. One of "allowed", "denied", or "escalated".
from
string
ISO 8601 start time. Returns logs at or after this timestamp.
to
string
ISO 8601 end time. Returns logs at or before this timestamp.
limit
number
default:"100"
Maximum number of results to return. Range: 11000.
offset
number
default:"0"
Number of results to skip for pagination.

Response

data
AuditLogEntry[]
required
Array of audit log entries matching your query.
pagination
object
required
Pagination metadata.
Audit logs are scoped to your workspace automatically. You cannot query logs from other workspaces.
curl --request GET \
  --url 'https://api.veto.tools/v1/audit-logs?result=denied&from=2024-11-15T13:00:00Z&to=2024-11-15T14:00:00Z' \
  --header 'Authorization: Bearer veto_your_api_key'

{
  "data": [
    {
      "id": "log-uuid-1234-5678-90ab-cdef01234567",
      "agentId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "action": "authorize",
      "toolName": "file.write",
      "parameters": {
        "path": "/home/user/doc.txt",
        "content": "Hello"
      },
      "result": "denied",
      "policyId": "p9f1a2b3-c4d5-6789-efab-012345678901",
      "reason": "Path '/home/user/doc.txt' does not satisfy regex constraint '^/home/user/safe/'",
      "latencyMs": 4,
      "timestamp": "2024-11-15T14:23:01.456Z"
    }
  ],
  "pagination": {
    "limit": 100,
    "offset": 0,
    "count": 1
  }
}