# Audit Log (/docs/organizations/audit-log) Layers records every action taken via a **partner API key** in the `partner_audit_events` log. This is surfaced through the Partner API at `GET /partner/v1/audit-log`. A customer-facing audit log for in-app actions (member changes, billing events, project lifecycle, etc.) is not yet built out. The UI action audit claims you may have seen previously are aspirational. ## What gets logged today [#what-gets-logged-today] The partner audit stream captures events triggered by API keys, including: * Authentication events (`auth.scope_denied`, `auth.rate_limited`, etc.). * Resource create / update / delete operations performed via the Partner API (projects, ad accounts, scheduled posts, etc.). * Key-management events (creation, rotation, revocation). ## Fields [#fields] | Field | Description | | ----------------------- | ----------------------------------------------------------------- | | `event_id` | Unique event ID (ULID). | | `request_id` | Correlates with the `x-request-id` header on the triggering call. | | `event_type` | Dotted string (e.g. `scheduled_post.created`). | | `actor` | The actor that performed the action (API key ID or system). | | `api_key_id` | The partner key used (nullable). | | `org_id` / `project_id` | Scoping fields. | | `data` | JSON payload specific to the event type. | | `pii_redacted` | Whether the payload has had PII stripped. | | `occurred_at` | Event timestamp. | ## Access [#access] The partner audit log is only accessible via a partner API key scoped to the organization. See the [Partner API reference](/docs/api). ## Enterprise needs [#enterprise-needs] If you need end-to-end audit coverage for member changes, billing actions, or SIEM export (S3 / GCS push), contact Layers — that surface is on the roadmap but not yet in the product.