# Audit Logs

## Query audit logs

> Returns audit log entries for the current account.\
> \
> Supports filtering by resource type, resource id, source, action/event, user, and time range.

```json
{"openapi":"3.1.0","info":{"title":"Audit Logs","version":"1.0.0"},"servers":[{"url":"https://api.integrator.io","description":"Production (US / default region)"},{"url":"https://api.eu.integrator.io","description":"Production (EU region)"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"parameters":{"Include":{"name":"include","in":"query","required":false,"description":"Comma-separated list of fields to project into each returned record.\nTriggers **summary projection** on supported list endpoints: the server\nreturns a minimal identity set for each record (`_id`, `name`, plus a\nresource-specific always-on set like `adaptorType` on exports/imports,\nor richer defaults on `ashares`, `audit`, `httpconnectors`, `transfers`,\netc.) and adds any listed fields that exist on the record. Listed fields\nthe record doesn't carry are silently dropped.\n\nDot notation is supported for projecting nested sub-fields — e.g.\n`include=ftp.directoryPath` on `/v1/exports` returns just that nested\nfield inside `ftp` for FTP-type exports (and omits `ftp` entirely for\nnon-FTP exports).\n\nRules:\n- Value regex is `{a-z A-Z . _}` (letters, dots, underscores) plus the\n  comma separator; digits are also accepted in practice. Any other\n  character returns **400 `invalid_query_params`**.\n- Empty value (`include=`) or bare `include` is ignored — the full\n  default record is returned.\n- `include` and `exclude` are **mutually exclusive**. Passing both\n  returns **400 `invalid_query_params`**: *\"Please provide either\n  include or exclude param in the request query and not both.\"*\n- Array-bracket syntax (`include[]=...`) is not supported and can return\n  a 500.\n- Only list endpoints honor projection — on GET-by-id the parameter is\n  silently ignored.\n- A small set of list endpoints explicitly reject both `include` and\n  `exclude` with **400 `invalid_query_params`** and a message of the form\n  *\"Include or exclude query params are not applicable for `<resource>`\n  resource.\"* Known rejections: `/v1/ediprofiles`, `/v1/environments`,\n  `/v1/iClients`, `/v1/lookupcaches`, `/v1/tags`.","schema":{"type":"string"}},"Exclude":{"name":"exclude","in":"query","required":false,"description":"Comma-separated list of fields to remove from the default response on\nsupported list endpoints. Unlike `include`, `exclude` does NOT trigger\nsummary projection — callers get the standard full-record shape with the\nnamed fields stripped out.\n\nRules:\n- Value regex is `{a-z A-Z . _}` (letters, dots, underscores) plus the\n  comma separator; digits are also accepted in practice. Any other\n  character returns **400 `invalid_query_params`**.\n- Empty value (`exclude=`) is ignored.\n- Certain protected identity fields **cannot be stripped** — e.g.\n  `exclude=name` on `/v1/exports` is silently ignored and `name` remains\n  in the response. Protected sets vary per resource.\n- `include` and `exclude` are **mutually exclusive**. Passing both\n  returns **400 `invalid_query_params`**: *\"Please provide either\n  include or exclude param in the request query and not both.\"*\n- Only list endpoints honor stripping — on GET-by-id the parameter is\n  silently ignored.\n- A small set of list endpoints explicitly reject both `include` and\n  `exclude` with **400 `invalid_query_params`** and a message of the form\n  *\"Include or exclude query params are not applicable for `<resource>`\n  resource.\"* Known rejections: `/v1/ediprofiles`, `/v1/environments`,\n  `/v1/iClients`, `/v1/lookupcaches`, `/v1/tags`.","schema":{"type":"string"}}},"schemas":{"AuditEntry":{"type":"object","description":"An audit log entry.","properties":{"_id":{"type":"string","format":"objectId","readOnly":true,"description":"Audit entry id."},"byUser":{"type":"object","readOnly":true,"description":"Populated actor identity on read routes (`GET /v1/audit`,\n`GET /v1/{resourceType}/{_id}/audit`). Only the three fields below\nare returned — full user documents are not embedded.\n\nNote: filter query parameters on these routes use `_byUserId` (a\nstring id), but the returned entry carries `byUser` (the populated\nobject). The `_byUserId` field itself is not present in responses.","properties":{"_id":{"type":"string","format":"objectId","description":"User id of the actor."},"email":{"type":"string","description":"Actor email at the time of the action."},"name":{"type":"string","description":"Actor display name at the time of the action."}}},"resourceType":{"type":"string","readOnly":true,"description":"Resource type (e.g., `integration`, `flow`, `connection`)."},"_resourceId":{"type":"string","format":"objectId","readOnly":true,"description":"Resource id the audit entry applies to."},"source":{"type":"string","readOnly":true,"description":"Source of the change (e.g., `ui`, `api`, `system`, `connector`, `script`, `sso`)."},"support":{"type":"boolean","readOnly":true,"description":"Whether the action was performed by support tooling/context."},"fieldChanges":{"type":"array","readOnly":true,"description":"List of field-level changes (when applicable).","items":{"$ref":"#/components/schemas/FieldChange"}},"deletedInfo":{"$ref":"#/components/schemas/DeletedInfo"},"event":{"type":"string","readOnly":true,"description":"Audit event type.","enum":["create","update","delete","view","restore","purge","signin","signout","purgelogs"]},"time":{"type":"string","format":"date-time","readOnly":true,"description":"Timestamp when the action occurred."}}},"FieldChange":{"type":"object","description":"A single field-level change within an audit entry.","properties":{"fieldPath":{"type":"string","description":"Dot-path to the changed field (e.g., `settings.foo.bar`)."},"oldValue":{"description":"Previous value (may be any JSON type)."},"newValue":{"description":"New value (may be any JSON type)."}}},"DeletedInfo":{"type":"object","description":"Extra context recorded for delete events (when available).","properties":{"name":{"type":"string","description":"Name of the deleted resource (if available)."},"_integrationId":{"type":"string","format":"objectId","description":"Integration id context (for flow/sync-related events)."},"_abstractFlowId":{"type":"string","format":"objectId","description":"Abstract flow id (for instance flow events)."},"_syncId":{"type":"string","format":"objectId","description":"Sync id context (for dataset events)."}}}},"responses":{"401-unauthorized":{"description":"Unauthorized. The request lacks a valid bearer token, or the provided token\nfailed to authenticate.\n\nNote: the 401 response is produced by the auth middleware **before** the\nrequest reaches the endpoint handler, so it does **not** follow the\nstandard `{errors: [...]}` envelope. Instead the body is a bare\n`{message: string}` object with no `code`, no `errors` array. Callers\nhandling 401s should key off the HTTP status and the `message` string,\nnot try to destructure an `errors[]`.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable description of the auth failure. Known values:\n- `\"Unauthorized\"` — no `Authorization` header on the request.\n- `\"Bearer Authentication Failed\"` — header present but token\n  is invalid, revoked, or expired."}},"required":["message"]}}}}}},"paths":{"/v1/audit":{"get":{"summary":"Query audit logs","operationId":"getAuditLogs","tags":["Audit Logs"],"description":"Returns audit log entries for the current account.\n\nSupports filtering by resource type, resource id, source, action/event, user, and time range.","parameters":[{"name":"limit","in":"query","required":false,"schema":{"type":"integer","minimum":1,"maximum":1000,"default":100},"description":"Maximum number of audit entries to return."},{"name":"offset","in":"query","required":false,"schema":{"type":"integer","minimum":0,"default":0},"description":"Pagination offset (for clients that use offset-based pagination)."},{"name":"resourceType","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by resource type (e.g., `integration`, `flow`, `connection`)."},{"name":"_resourceId","in":"query","required":false,"schema":{"type":"string","format":"objectId"},"description":"Filter by a specific resource id."},{"name":"_byUserId","in":"query","required":false,"description":"Filter by the user who performed the action. Some implementations\nalso accept the string `support` to filter support actions.","schema":{"type":"string"}},{"name":"source","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by source (e.g., `ui`, `api`, `system`, `connector`, `script`, `sso`)."},{"name":"action","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by action/event (e.g., `create`, `update`, `delete`, `signin`, `signout`)."},{"name":"from","in":"query","required":false,"schema":{"type":"string"},"description":"Start timestamp (ISO-8601 string)."},{"name":"to","in":"query","required":false,"schema":{"type":"string"},"description":"End timestamp (ISO-8601 string)."},{"$ref":"#/components/parameters/Include"},{"$ref":"#/components/parameters/Exclude"}],"responses":{"200":{"description":"Audit entries","headers":{"Link":{"description":"Pagination links (when present).","schema":{"type":"string"}}},"content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AuditEntry"}}}}},"204":{"description":"No audit entries found"},"401":{"$ref":"#/components/responses/401-unauthorized"}}}}}}
```

## Get signed URL to download audit logs CSV (all documents)

> Generates a signed URL for downloading a CSV export of audit logs across all documents.\
> \
> The CSV contains fields: Time, Source, User, Resource, Name/ID, Action, Field, Old value, New value, Support.\
> \
> Each file is capped at \~20 000 rows. When \`hasMore\` is \`true\`, take the\
> timestamp of the last CSV row and pass it as the \`to\` query parameter to\
> fetch the next batch.

```json
{"openapi":"3.1.0","info":{"title":"Audit Logs","version":"1.0.0"},"servers":[{"url":"https://api.integrator.io","description":"Production (US / default region)"},{"url":"https://api.eu.integrator.io","description":"Production (EU region)"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"SignedUrlResponse":{"type":"object","description":"Response containing a signed URL for downloading an audit CSV export.\n\nEach CSV is capped at roughly 20 000 rows. When `hasMore` is `true`,\npass the timestamp of the last row as the `to` query parameter on the\nnext request to fetch the next batch.","properties":{"signedURL":{"type":"string","description":"Signed URL to download the CSV. The link expires after 15 minutes."},"hasMore":{"type":"boolean","description":"`true` when the result set exceeded the per-file row limit (~20 000 rows)\nand additional batches remain. To paginate, take the timestamp of the\nlast CSV row and pass it as the `to` query parameter on your next request."}}}},"responses":{"401-unauthorized":{"description":"Unauthorized. The request lacks a valid bearer token, or the provided token\nfailed to authenticate.\n\nNote: the 401 response is produced by the auth middleware **before** the\nrequest reaches the endpoint handler, so it does **not** follow the\nstandard `{errors: [...]}` envelope. Instead the body is a bare\n`{message: string}` object with no `code`, no `errors` array. Callers\nhandling 401s should key off the HTTP status and the `message` string,\nnot try to destructure an `errors[]`.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable description of the auth failure. Known values:\n- `\"Unauthorized\"` — no `Authorization` header on the request.\n- `\"Bearer Authentication Failed\"` — header present but token\n  is invalid, revoked, or expired."}},"required":["message"]}}}}}},"paths":{"/v1/audit/signedURL":{"get":{"summary":"Get signed URL to download audit logs CSV (all documents)","operationId":"getAuditSignedUrlAll","tags":["Audit Logs"],"description":"Generates a signed URL for downloading a CSV export of audit logs across all documents.\n\nThe CSV contains fields: Time, Source, User, Resource, Name/ID, Action, Field, Old value, New value, Support.\n\nEach file is capped at ~20 000 rows. When `hasMore` is `true`, take the\ntimestamp of the last CSV row and pass it as the `to` query parameter to\nfetch the next batch.","parameters":[{"name":"resourceType","in":"query","required":false,"schema":{"type":"string"},"description":"Optional filter by resource type."},{"name":"_byUserId","in":"query","required":false,"schema":{"type":"string"},"description":"Optional filter by the user who performed the actions."},{"name":"_resourceId","in":"query","required":false,"schema":{"type":"string"},"description":"Optional filter by resource id."},{"name":"from","in":"query","required":false,"schema":{"type":"string"},"description":"Start timestamp."},{"name":"to","in":"query","required":false,"schema":{"type":"string"},"description":"End timestamp."},{"name":"action","in":"query","required":false,"schema":{"type":"string"},"description":"Action/event filter."}],"responses":{"200":{"description":"Signed URL response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SignedUrlResponse"}}}},"401":{"$ref":"#/components/responses/401-unauthorized"}}}}}}
```

## Get audit log for a resource (and descendants)

> Returns audit log entries for a specific resource (and, for some resource types, its descendants).\
> \
> Example: integration audit can include changes to the integration and related resources.

```json
{"openapi":"3.1.0","info":{"title":"Audit Logs","version":"1.0.0"},"servers":[{"url":"https://api.integrator.io","description":"Production (US / default region)"},{"url":"https://api.eu.integrator.io","description":"Production (EU region)"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"AuditEntry":{"type":"object","description":"An audit log entry.","properties":{"_id":{"type":"string","format":"objectId","readOnly":true,"description":"Audit entry id."},"byUser":{"type":"object","readOnly":true,"description":"Populated actor identity on read routes (`GET /v1/audit`,\n`GET /v1/{resourceType}/{_id}/audit`). Only the three fields below\nare returned — full user documents are not embedded.\n\nNote: filter query parameters on these routes use `_byUserId` (a\nstring id), but the returned entry carries `byUser` (the populated\nobject). The `_byUserId` field itself is not present in responses.","properties":{"_id":{"type":"string","format":"objectId","description":"User id of the actor."},"email":{"type":"string","description":"Actor email at the time of the action."},"name":{"type":"string","description":"Actor display name at the time of the action."}}},"resourceType":{"type":"string","readOnly":true,"description":"Resource type (e.g., `integration`, `flow`, `connection`)."},"_resourceId":{"type":"string","format":"objectId","readOnly":true,"description":"Resource id the audit entry applies to."},"source":{"type":"string","readOnly":true,"description":"Source of the change (e.g., `ui`, `api`, `system`, `connector`, `script`, `sso`)."},"support":{"type":"boolean","readOnly":true,"description":"Whether the action was performed by support tooling/context."},"fieldChanges":{"type":"array","readOnly":true,"description":"List of field-level changes (when applicable).","items":{"$ref":"#/components/schemas/FieldChange"}},"deletedInfo":{"$ref":"#/components/schemas/DeletedInfo"},"event":{"type":"string","readOnly":true,"description":"Audit event type.","enum":["create","update","delete","view","restore","purge","signin","signout","purgelogs"]},"time":{"type":"string","format":"date-time","readOnly":true,"description":"Timestamp when the action occurred."}}},"FieldChange":{"type":"object","description":"A single field-level change within an audit entry.","properties":{"fieldPath":{"type":"string","description":"Dot-path to the changed field (e.g., `settings.foo.bar`)."},"oldValue":{"description":"Previous value (may be any JSON type)."},"newValue":{"description":"New value (may be any JSON type)."}}},"DeletedInfo":{"type":"object","description":"Extra context recorded for delete events (when available).","properties":{"name":{"type":"string","description":"Name of the deleted resource (if available)."},"_integrationId":{"type":"string","format":"objectId","description":"Integration id context (for flow/sync-related events)."},"_abstractFlowId":{"type":"string","format":"objectId","description":"Abstract flow id (for instance flow events)."},"_syncId":{"type":"string","format":"objectId","description":"Sync id context (for dataset events)."}}},"Error":{"type":"object","description":"Standard error response envelope returned by integrator.io APIs.","properties":{"errors":{"type":"array","description":"List of errors that occurred while processing the request.","items":{"type":"object","properties":{"code":{"oneOf":[{"type":"string"},{"type":"integer"}],"description":"Machine-readable error code. Usually a string like\n`invalid_ref`, `missing_required_field`, or `unauthorized`;\nmay be an **integer** when the error mirrors an upstream HTTP\nstatus (e.g. `500`) — most commonly returned by connection-ping\nand adaptor-proxy responses."},"message":{"type":"string","description":"Human-readable description of the error."},"field":{"type":"string","description":"Optional pointer to the document field that caused the error.\nUsed by structural validation errors (`missing_required_field`,\n`invalid_ref`) to indicate which field is at fault\n(e.g. `_id`, `type`, `http.baseURI`)."},"source":{"type":"string","description":"Optional origin layer for the error — e.g. `application` when\nthe error came from the remote system the adaptor called,\n`connector` when the adaptor itself rejected the request."}},"required":["message"]}}},"required":["errors"]}},"responses":{"400-bad-request":{"description":"Bad request. The server could not understand the request because of malformed syntax or invalid parameters.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401-unauthorized":{"description":"Unauthorized. The request lacks a valid bearer token, or the provided token\nfailed to authenticate.\n\nNote: the 401 response is produced by the auth middleware **before** the\nrequest reaches the endpoint handler, so it does **not** follow the\nstandard `{errors: [...]}` envelope. Instead the body is a bare\n`{message: string}` object with no `code`, no `errors` array. Callers\nhandling 401s should key off the HTTP status and the `message` string,\nnot try to destructure an `errors[]`.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable description of the auth failure. Known values:\n- `\"Unauthorized\"` — no `Authorization` header on the request.\n- `\"Bearer Authentication Failed\"` — header present but token\n  is invalid, revoked, or expired."}},"required":["message"]}}}},"404-not-found":{"description":"Not found. The requested resource does not exist or is not visible to the caller.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}}}},"paths":{"/v1/{resourceType}/{_id}/audit":{"get":{"summary":"Get audit log for a resource (and descendants)","operationId":"getAuditForResource","tags":["Audit Logs"],"description":"Returns audit log entries for a specific resource (and, for some resource types, its descendants).\n\nExample: integration audit can include changes to the integration and related resources.","parameters":[{"name":"resourceType","in":"path","required":true,"schema":{"type":"string"},"description":"Plural resource type (e.g., `integrations`, `flows`, `connections`)."},{"name":"_id","in":"path","required":true,"description":"Resource id (ObjectId string for most resources; may be `none` in some contexts).","schema":{"type":"string","format":"objectId"}},{"name":"limit","in":"query","required":false,"description":"Maximum number of audit entries to return.","schema":{"type":"integer","minimum":1,"maximum":1000,"default":100}},{"name":"offset","in":"query","required":false,"description":"Pagination offset (for clients that use offset-based pagination).","schema":{"type":"integer","minimum":0,"default":0}},{"name":"from","in":"query","required":false,"schema":{"type":"string"},"description":"Start timestamp (ISO-8601 string)."},{"name":"to","in":"query","required":false,"schema":{"type":"string"},"description":"End timestamp (ISO-8601 string)."},{"name":"action","in":"query","required":false,"schema":{"type":"string"},"description":"Filter by action/event."}],"responses":{"200":{"description":"Audit entries","headers":{"Link":{"description":"Pagination links (when present).","schema":{"type":"string"}}},"content":{"application/json":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AuditEntry"}}}}},"204":{"description":"No audit entries found"},"400":{"$ref":"#/components/responses/400-bad-request"},"401":{"$ref":"#/components/responses/401-unauthorized"},"404":{"$ref":"#/components/responses/404-not-found"}}}}}}
```

## Get signed URL to download audit logs CSV (for selected resources)

> Generates a signed URL for downloading a CSV export of audit logs for specific resources (and descendants).\
> \
> This is used for resource-level downloads (e.g., "download audit logs for these flows").\
> \
> Each file is capped at \~20 000 rows. When \`hasMore\` is \`true\`, take the\
> timestamp of the last CSV row and pass it as the \`to\` query parameter to\
> fetch the next batch.

```json
{"openapi":"3.1.0","info":{"title":"Audit Logs","version":"1.0.0"},"servers":[{"url":"https://api.integrator.io","description":"Production (US / default region)"},{"url":"https://api.eu.integrator.io","description":"Production (EU region)"}],"security":[{"bearerAuth":[]}],"components":{"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer"}},"schemas":{"AuditDownloadRequest":{"type":"object","description":"Request body for `POST /v1/{resourceType}/audit/signedURL`.\n\nAI guidance:\n- Provide `_resourceIds` as a list of ids you want audit logs for.\n- You can optionally include filters like time range and event/action.","properties":{"_resourceIds":{"type":"array","description":"List of resource ids to include in the audit export.","items":{"type":"string"}},"from":{"type":"string","description":"Start timestamp (ISO-8601 string)."},"to":{"type":"string","description":"End timestamp (ISO-8601 string)."},"action":{"type":"string","description":"Event/action filter."},"resourceType":{"type":"string","description":"Resource type filter (if applicable)."},"source":{"type":"string","description":"Source filter."},"_byUserId":{"type":"string","description":"Filter by actor user id (or `support`)."}},"required":["_resourceIds"]},"SignedUrlResponse":{"type":"object","description":"Response containing a signed URL for downloading an audit CSV export.\n\nEach CSV is capped at roughly 20 000 rows. When `hasMore` is `true`,\npass the timestamp of the last row as the `to` query parameter on the\nnext request to fetch the next batch.","properties":{"signedURL":{"type":"string","description":"Signed URL to download the CSV. The link expires after 15 minutes."},"hasMore":{"type":"boolean","description":"`true` when the result set exceeded the per-file row limit (~20 000 rows)\nand additional batches remain. To paginate, take the timestamp of the\nlast CSV row and pass it as the `to` query parameter on your next request."}}},"Error":{"type":"object","description":"Standard error response envelope returned by integrator.io APIs.","properties":{"errors":{"type":"array","description":"List of errors that occurred while processing the request.","items":{"type":"object","properties":{"code":{"oneOf":[{"type":"string"},{"type":"integer"}],"description":"Machine-readable error code. Usually a string like\n`invalid_ref`, `missing_required_field`, or `unauthorized`;\nmay be an **integer** when the error mirrors an upstream HTTP\nstatus (e.g. `500`) — most commonly returned by connection-ping\nand adaptor-proxy responses."},"message":{"type":"string","description":"Human-readable description of the error."},"field":{"type":"string","description":"Optional pointer to the document field that caused the error.\nUsed by structural validation errors (`missing_required_field`,\n`invalid_ref`) to indicate which field is at fault\n(e.g. `_id`, `type`, `http.baseURI`)."},"source":{"type":"string","description":"Optional origin layer for the error — e.g. `application` when\nthe error came from the remote system the adaptor called,\n`connector` when the adaptor itself rejected the request."}},"required":["message"]}}},"required":["errors"]}},"responses":{"400-bad-request":{"description":"Bad request. The server could not understand the request because of malformed syntax or invalid parameters.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/Error"}}}},"401-unauthorized":{"description":"Unauthorized. The request lacks a valid bearer token, or the provided token\nfailed to authenticate.\n\nNote: the 401 response is produced by the auth middleware **before** the\nrequest reaches the endpoint handler, so it does **not** follow the\nstandard `{errors: [...]}` envelope. Instead the body is a bare\n`{message: string}` object with no `code`, no `errors` array. Callers\nhandling 401s should key off the HTTP status and the `message` string,\nnot try to destructure an `errors[]`.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","description":"Human-readable description of the auth failure. Known values:\n- `\"Unauthorized\"` — no `Authorization` header on the request.\n- `\"Bearer Authentication Failed\"` — header present but token\n  is invalid, revoked, or expired."}},"required":["message"]}}}}}},"paths":{"/v1/{resourceType}/audit/signedURL":{"post":{"summary":"Get signed URL to download audit logs CSV (for selected resources)","operationId":"getAuditSignedUrlForResources","tags":["Audit Logs"],"description":"Generates a signed URL for downloading a CSV export of audit logs for specific resources (and descendants).\n\nThis is used for resource-level downloads (e.g., \"download audit logs for these flows\").\n\nEach file is capped at ~20 000 rows. When `hasMore` is `true`, take the\ntimestamp of the last CSV row and pass it as the `to` query parameter to\nfetch the next batch.","parameters":[{"name":"resourceType","in":"path","required":true,"schema":{"type":"string"},"description":"Plural resource type (e.g., `flows`, `integrations`)."}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AuditDownloadRequest"}}}},"responses":{"200":{"description":"Signed URL response","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SignedUrlResponse"}}}},"400":{"$ref":"#/components/responses/400-bad-request"},"401":{"$ref":"#/components/responses/401-unauthorized"}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developer.celigo.com/api/api-reference/audit-logs.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.