Sign InGet Started
Search
⌘K
Get Started Platform Dashboard Developer Guides API Reference UI Widgets SDKs Providers
Legal Flow Changelog Roadmap
For Developers

The Audit Logs API

Daniel Zapata
By Daniel Zapata
Last Updated June 17th, 2026
Report an Issue

This model is part of an upcoming API update which is currently in beta and therefore subject to change.

Audit Logs help you record a durable, structured history of the actions that happen across your application and within Edlink. The core action for Audit Logs is you sending us Events, whose accepted format can optionally be controlled by a Schema. Audit Logs empower you to answer key questions about what's going on in your platform, and who is doing it. With Edlink's automatic analysis and enrichment of Event data, you'll also get automatic warnings for suspicious activity.

An Event describing a user "submitting an assignment" might look like this:

{
    "action": "assignment.submit",
    "actor": {
        "identifiers": [
            { "value": "00000000-0000-0000-0000-000000000000", "issuer": "edlink" }
        ],
        "type": "person"
    },
    "targets": [
        { "identifiers": [{ "value": "123", "issuer": "acme" }], "type": "assignment" },
        { "identifiers": [{ "value": "ABC", "issuer": "acme" }], "type": "class" }
    ],
    "scope": {
        "id": "00000000-0000-0000-0000-000000000000",
        "type": "integration"
    },
    "context": {
        "source": "client",
        "user_agent": "Ladybird",
        "http_method": "POST",
        "http_status": 201,
        "path": "/our/custom/submit/function/path",
        "ip": "1.1.1.1",
        "query": "?title=Test"
    },
    "data": {
        "assignment_title": "Test",
        "student_work_url": "https://example.com/work",
    }
}

Every Event is identified by an action, which is a customer-defined string (like assignment.submit or login). The action implicitly carries a type of other until you define a Schema for that action and specify the type. Defining a Schema is recommended but not required.

Use Cases

  • Incident investigation: Help a school or system administrator answer the question — "What did this compromised user account do for the duration it was compromised?" — by querying all Events attributed to a specific actor within a time window.
  • User activity tracking: Record key user lifecycle events such as logins and logouts, as well as permissions management — for example, when a user changes another user's role or group membership, or modifies the access level of a piece of content or object.
  • Automated system event log: Maintain a clear record of what your automated processes (background jobs, scheduled tasks, service accounts) changed across your application, such as assignment/grade updates or class enrollment modifications.
  • Anomaly detection: Edlink automatically analyzes incoming Events and can flag suspicious patterns, such as events suddenly originating from unexpected or high-risk IP addresses.

Limitations

  • US region only: Audit Logs are currently available exclusively in the US region.
  • 30-day retention: Events are stored for 30 days, after which they are permanently deleted.
  • Best-effort event delivery: Events are delivered on a best-effort basis and are not guaranteed to be recorded in all cases (e.g. during outages or periods of high load).
Audit Log Schemas Reference
API Reference
Read More
Audit Log Events Reference
API Reference
Read More