> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sub.jerrylu.app/llms.txt
> Use this file to discover all available pages before exploring further.

# List audit log

> Returns the audit trail of write operations performed through the API, newest first, with before/after state in metadata.



## OpenAPI

````yaml /api/openapi.yaml get /api/v1/audit
openapi: 3.1.0
info:
  title: Subscription Manager Public API
  version: 1.0.0
  description: >-
    Public API for subscription CRUD automation through Developer API keys. The
    operation descriptions include AI-oriented task semantics, risk levels, and
    confirmation guidance for agent integrations.
servers:
  - url: https://your-site.example
    description: Replace with your deployed Subscription Manager site URL.
security:
  - bearerApiKey: []
tags:
  - name: Subscriptions
    description: Create, read, update, and delete subscriptions for the API key owner.
    x-ai:
      domain: subscription_management
      ownerScope: authenticated_api_key_owner
      writeSafety: >-
        Confirm create, update, cancel, pause, resume, and delete operations
        with the user before calling them from an AI agent. Write operations
        require an API key with the write scope.
  - name: Analytics
    description: >-
      Computed spend summaries, duplicate detection, and optimization
      candidates. Read-only; money is reported per currency and never converted.
  - name: Audit
    description: Read-only audit trail of write operations performed through the API.
paths:
  /api/v1/audit:
    get:
      tags:
        - Audit
      summary: List audit log
      description: >-
        Returns the audit trail of write operations performed through the API,
        newest first, with before/after state in metadata.
      operationId: listAuditLog
      parameters:
        - name: limit
          in: query
          required: false
          description: Maximum number of audit entries to return (1-100, default 50).
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 50
        - name: offset
          in: query
          required: false
          description: Number of entries to skip from the start.
          schema:
            type: integer
            minimum: 0
            default: 0
        - name: subscriptionId
          in: query
          required: false
          description: Only return audit entries for this subscription.
          schema:
            type: string
            format: uuid
      responses:
        '200':
          description: Audit entries returned.
          headers:
            X-RateLimit-Limit:
              $ref: '#/components/headers/XRateLimitLimit'
            X-RateLimit-Remaining:
              $ref: '#/components/headers/XRateLimitRemaining'
            X-RateLimit-Reset:
              $ref: '#/components/headers/XRateLimitReset'
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '429':
          $ref: '#/components/responses/RateLimited'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  headers:
    XRateLimitLimit:
      description: Total allowed requests in the current fixed window.
      schema:
        type: integer
        example: 60
    XRateLimitRemaining:
      description: Requests remaining in the current fixed window.
      schema:
        type: integer
        example: 59
    XRateLimitReset:
      description: Unix timestamp in seconds when the fixed window resets.
      schema:
        type: integer
        example: 1781690400
    RetryAfter:
      description: >-
        Seconds to wait before retrying. Sent with 429 responses, including when
        too many invalid API key attempts are throttled.
      schema:
        type: integer
        example: 2700
  schemas:
    AuditListResponse:
      type: object
      required:
        - data
        - pagination
        - requestId
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/AuditEntry'
        pagination:
          $ref: '#/components/schemas/Pagination'
        requestId:
          type: string
      additionalProperties: false
    AuditEntry:
      type: object
      properties:
        id:
          type: string
          format: uuid
        action:
          type: string
          enum:
            - subscription.create
            - subscription.update
            - subscription.delete
        subscriptionId:
          type: string
          format: uuid
        apiKeyId:
          type: string
          format: uuid
        requestId:
          type: string
        metadata:
          type: object
          additionalProperties: true
          description: >-
            Operation context. Holds before, after, and patch snapshots when
            available.
        createdAt:
          type: string
          format: date-time
    Pagination:
      type: object
      required:
        - limit
        - offset
        - hasMore
      properties:
        limit:
          type: integer
          minimum: 1
          maximum: 100
          description: Page size that was applied to this response.
        offset:
          type: integer
          minimum: 0
          description: Number of records skipped before this page.
        hasMore:
          type: boolean
          description: >-
            True when at least one more record exists past this page. Fetch the
            next page with offset + limit.
      additionalProperties: false
    ErrorResponse:
      type: object
      required:
        - error
        - requestId
      properties:
        error:
          $ref: '#/components/schemas/Error'
        requestId:
          type: string
      additionalProperties: false
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
        message:
          type: string
        field:
          type: string
          description: Field that caused the error when the server can identify one.
        suggestedFix:
          type: string
          description: Human- and AI-readable correction hint.
        allowedValues:
          type: array
          items:
            type: string
          description: Allowed enum values when the error is caused by an unsupported enum.
        writableFields:
          type: array
          items:
            type: string
          description: >-
            Writable subscription fields when the error is caused by a
            non-writable field.
      additionalProperties: false
  responses:
    BadRequest:
      description: >-
        The request payload or path parameter is invalid. Validation failures
        are rejected before the hourly quota is consumed, so they do not carry
        rate-limit headers.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            invalidField:
              value:
                error:
                  code: invalid_subscription_field
                  message: 'Field is not writable: nextPaymentDate'
                  field: nextPaymentDate
                  suggestedFix: >-
                    Remove server-managed fields such as id, nextPaymentDate,
                    createdAt, and updatedAt before retrying.
                  writableFields:
                    - amount
                    - category
                    - currency
                    - customDate
                    - lastPaymentDate
                    - name
                    - notificationEnabled
                    - period
                    - status
                requestId: request-1
            invalidPeriod:
              value:
                error:
                  code: invalid_subscription
                  message: Invalid option
                  field: period
                  suggestedFix: >-
                    Use one of the supported billing periods: monthly, yearly,
                    custom.
                  allowedValues:
                    - monthly
                    - yearly
                    - custom
                requestId: request-1
            invalidPagination:
              value:
                error:
                  code: invalid_pagination
                  message: limit cannot exceed 100
                  field: limit
                  suggestedFix: >-
                    Use limit between 1 and 100 and a non-negative offset, for
                    example ?limit=50&offset=0.
                requestId: request-1
    Unauthorized:
      description: The API key is missing, invalid, or revoked.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            invalidApiKey:
              value:
                error:
                  code: invalid_api_key
                  message: Invalid API key
                requestId: request-1
    RateLimited:
      description: The user request limit or invalid-auth attempt limit was exceeded.
      headers:
        X-RateLimit-Limit:
          $ref: '#/components/headers/XRateLimitLimit'
        X-RateLimit-Remaining:
          $ref: '#/components/headers/XRateLimitRemaining'
        X-RateLimit-Reset:
          $ref: '#/components/headers/XRateLimitReset'
        Retry-After:
          $ref: '#/components/headers/RetryAfter'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            rateLimited:
              value:
                error:
                  code: rate_limit_exceeded
                  message: Rate limit exceeded
                requestId: request-1
            tooManyInvalidKeys:
              value:
                error:
                  code: rate_limit_exceeded
                  message: Too many invalid API key attempts
                requestId: request-1
    InternalError:
      description: Unexpected server error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          examples:
            internal:
              value:
                error:
                  code: internal_error
                  message: Internal server error
                requestId: request-1
  securitySchemes:
    bearerApiKey:
      type: http
      scheme: bearer
      description: >-
        Developer API key generated in the app. Keys carry scopes; a read key
        can call list, get, analytics, and audit endpoints, while a write key
        additionally allows create, update, cancel, pause, resume, and delete.
      x-default: subm_your_key_here

````