Audit log (`/audit-log`)

Purpose

Use Audit log to answer who changed what, when, and where in your company APIs.

This page is best for short-horizon investigations:

configuration changes that suddenly affected checkout or reporting
product/category updates that created unexpected behavior
permission or team changes that need accountability

Important: this is an operational mutation log, not a full accounting ledger. Rows are retained for about 7 days, so investigate and document findings early.

Who should use it

Company owners doing incident follow-up or control checks.
Super admins investigating cross-company support cases (with a selected company).

By default, access is restricted to the company Owner (company.view_audit_log). Managers and employees do not see the sidebar link unless the owner grants Audit log under Company → Permissions. Direct URLs and API calls follow the same rule. Super admins with a company selected retain access.

What each row shows

Time: when the successful API mutation was recorded (newest first).
Area: high-level event class (for example Products, Inventory, Company rules, Team & access).
Method + Path: the HTTP action and endpoint that changed data.
Summary: backend-generated human-readable description of the action.
Actor: membership display name, or account display/email fallback.
HTTP: response status for the recorded action.
Before / After: expandable redacted snapshots when available.

Only successful mutations are recorded here (2xx responses). Failed attempts are not shown in this table.

The page has a Filters card (period, quick group, and area) and a separate Events list. Export CSV uses the same filters.

Filter by area first to cut noise and focus on one domain.
Use quick group (Pricing, Settings, Company) for broad slices.
Keep the list in descending time order (default) to reconstruct exact sequence.
Choose rows per page and use pagination to continue backward in time.
On small screens, events appear as cards; on desktop, use the table (sticky header when scrolling).
Expand only rows with relevant snapshots to keep review speed high.
Investigation presets (All, Pricing, Settings, Company) are remembered per company for your browser session.
When a row maps to a screen in the app, use Open product, Open product pricing, Open employees, and similar links in the summary or detail panel.

Practical filter examples:

Pricing incident after a settings change -> COMPANY_RULES
Suspected unauthorized team edit -> COMPANY_TEAM
Unexpected product behavior at register -> PRODUCTS and INVENTORY
Problem around a sale flow -> POS_REGISTER and SALES

Investigation workflows

1) Who changed this setting?

Start with the likely area (COMPANY_RULES, COMPANY_TEAM, etc.).
Narrow to the incident window (for example last 2 hours).
Locate entries with matching path/summary.
Confirm actor and compare Before/After snapshots.
Record exact time, actor, and affected fields for escalation.

2) Build an incident timeline

Begin from the first user-reported symptom time.
Review rows in strict time order around that moment.
Cross-check with related pages:
- Transactions for sale-side effects
- Finance for income/expense impact
- Company Employees for roster/role changes
Mark the first causal mutation and any follow-up corrections.

3) Spot suspicious patterns quickly

Look for:

repeated edits on the same endpoint in a short period
high-risk team/permission changes outside normal admin hours
many rapid delete/update mutations from one actor
“Other” events during incident windows that do not fit routine flow

When something looks suspicious, export CSV and capture evidence while the events are still in the log.

Common pitfalls

Treating Audit log as long-term archive — use CSV export for investigations you may need later.
Looking only at summary text and ignoring method/path context.
Ignoring timezone context when comparing with external reports.
Assuming missing rows mean no attempt happened (failed attempts are excluded).
Escalating without correlating with related routes and business events.

Audit log (/audit-log)