Getting started
The Audit log API lets you pull configuration-change events for your instance and ingest them into a SIEM or other tooling. This page walks through a first pull and then ongoing, incremental polling.
For the full reference: event schema, rate limits, pagination, and webhook events, see the Audit log API overview.
Before you begin
You’ll need to generate a Platform API key to call the API.
Pull a window of events
Request events for a time window of up to 30 days. Results come back newest first.
start_date is required, and the window between start_date and end_date cannot exceed 30 days. When end_date is omitted it defaults to the request time.
Page through the results
Each response includes a meta.next_page_url. Replay it verbatim to fetch the next page, and keep going until next_page_url is null, which marks the last page.
Do not modify the URL between pages. The time window and cursor are encoded in it, and changing them returns a 400.
Poll incrementally
For ongoing ingestion, store the newest timestamp already retrieved. On the next run, set start_date to just after that value and follow next_page_url until it is null.
Poll on a steady cadence, for example every few minutes. The endpoint allows 10 requests per second, 120 per minute, and 40,000 per day. A 429 response means a limit was exceeded, so back off and retry.
Backfill older history
A single request covers at most 30 days. To load more history, issue successive requests over adjacent 30-day windows, walking backward in time until you reach the earliest data you need.
Receive events in real time (optional)
To react to changes as they happen, subscribe to the v1.audit_log.emitted webhook in the Ada dashboard. Delivery is best-effort, so continue to use the pull API as the durable record for reconciliation. See webhook support.