Get an API key

Audit logs

Every authenticated action on your Tomoul org — key creation, model deploy, billing change — is logged with actor, IP, and request ID.

What's logged

  • API key lifecycle (create, rotate, revoke).
  • Console logins (OAuth, password).
  • Billing actions (payment method change, plan change).
  • Webhook endpoint changes.
  • Member invites and role changes (team feature, Phase 2).

Inference calls themselves are not in audit logs by default — that's usage data, available via GET /v1/usage. Customers on the Scale plan can opt into inference audit logging for compliance contexts.

Accessing logs

Console → Settings → Audit logs. Filter by actor, action type, date.

Each entry has:

  • actor — the human or API key that performed the action.
  • ip — source IP.
  • request_id — same value as the X-Request-ID response header for that action, cross-referenceable in our own logs if you escalate.
  • action — e.g. key.create, billing.payment_method.update.
  • target — the resource the action operated on.
  • created_at — ISO timestamp.

Exporting

CSV export from the console. Programmatic export via GET /v1/audit-logs is on the Phase 2 roadmap.

Retention

PlanRetention
Free / Pay-as-you-go90 days
Scale1 year (longer by contract on request)
← Previous
Webhooks
Next →
Limits & quotas
Last updated 13 May 2026Edit this page on GitHub