Skip to content

Audit Log API

Base URL: https://app.kvmfleet.io/v1

List audit entries

curl "https://app.kvmfleet.io/v1/audit?limit=50" \
  -H "Authorization: Bearer $TOKEN"

{
  "entries": [
    {
      "id": 1847,
      "event_type": "session.open",
      "actor_id": "usr_abc123",
      "actor_email": "admin@example.com",
      "detail": {"device_id": "dev_abc123", "device_name": "DC1-R3-S7"},
      "created_at": "2026-04-15T14:30:00Z",
      "hash": "a1b2c3..."
    }
  ],
  "total": 1847,
  "has_more": true
}

Query parameters

Param Description
limit Max entries to return (default 50, max 500)
offset Pagination offset
event_type Filter by event type (e.g. session.open)
actor_id Filter by user
start Start date (ISO 8601)
end End date (ISO 8601)

Example:

curl "https://app.kvmfleet.io/v1/audit?event_type=user.login&start=2026-04-01&end=2026-04-15" \
  -H "Authorization: Bearer $TOKEN"

Verify chain integrity

Verify the SHA-256 hash chain for a date range.

curl "https://app.kvmfleet.io/v1/audit/verify?start=2026-01-01&end=2026-03-31" \
  -H "Authorization: Bearer $TOKEN"

{
  "verified": true,
  "entries_checked": 1847,
  "first_id": 1,
  "last_id": 1847,
  "chain_start": "2026-01-01T00:00:12Z",
  "chain_end": "2026-03-31T23:58:44Z"
}

If the chain is broken:

{
  "verified": false,
  "entries_checked": 1200,
  "break_at_id": 1201,
  "error": "hash mismatch at entry 1201"
}

Event types

See Audit Chain: Event Types for the full list.