Overview
Every significant action in EdgeFlow SaaS is recorded in an immutable audit log.
The audit trail covers user authentication, device management, flow operations,
deployments, OTA updates, billing changes, and security events. Logs are queryable
by user, action type, resource, and date range.
Audit Log Entry
{
"id": "audit_abc123",
"organization_id": "org_xyz789",
"user_id": "usr_def456",
"action": "device.provision",
"resource_type": "device",
"resource_id": "dev_ghi789",
"status": "success",
"old_values": {},
"new_values": {
"device_id": "dev_ghi789",
"firmware_version": "1.2.3"
},
"ip_address": "192.168.1.100",
"user_agent": "Mozilla/5.0...",
"timestamp": "2026-02-21T12:00:00Z"
}
Action Types
User Actions
| Action | Description |
|---|
user.login | User logged in |
user.logout | User logged out |
user.register | New user registered |
user.update | Profile updated |
user.delete | User account deleted |
user.password_change | Password changed |
user.password_reset | Password reset requested |
user.mfa_enable | MFA enabled |
user.mfa_disable | MFA disabled |
Organization Actions
| Action | Description |
|---|
org.create | Organization created |
org.update | Organization settings updated |
org.delete | Organization deleted |
org.member_invite | Team member invited |
org.member_remove | Team member removed |
org.member_role_change | Member role changed |
Device Actions
| Action | Description |
|---|
device.provision | Device provisioned |
device.update | Device metadata updated |
device.delete | Device removed |
device.claim | Device claimed by organization |
device.unclaim | Device released from organization |
Flow & Deployment Actions
| Action | Description |
|---|
flow.create | Flow created |
flow.update | Flow definition updated |
flow.delete | Flow deleted |
flow.publish | Flow published for deployment |
deployment.create | Deployment created |
deployment.start | Deployment started |
deployment.pause | Deployment paused |
deployment.resume | Deployment resumed |
deployment.rollback | Deployment rolled back |
deployment.cancel | Deployment canceled |
OTA & API Key Actions
| Action | Description |
|---|
ota.upload | Firmware binary uploaded |
ota.initiate | OTA update initiated |
ota.rollback | OTA update rolled back |
api_key.create | API key generated |
api_key.revoke | API key revoked |
api_key.rotate | API key rotated |
Security Actions
| Action | Description |
|---|
security.breach | Security breach detected |
security.unauthorized_access | Unauthorized access attempt |
security.rate_limit_exceeded | Rate limit exceeded |
Billing Actions
| Action | Description |
|---|
billing.plan_change | Subscription plan changed |
billing.payment | Payment processed |
billing.invoice | Invoice generated |
Resource Types
Audit logs track actions against these resource types:
user — User accountsorganization — Organizations and teamsdevice — Edge devicesflow — Flow definitionsdeployment — Flow deploymentsproject — Projects within organizationsapi_key — API keysfirmware — Firmware binaries
Features
- Change Tracking — Old and new values recorded for every modification
- IP & User Agent — Client information logged for forensic analysis
- Queryable — Filter by user, action, resource type, date range
- Statistics — Aggregated audit activity reports
- Export — Download audit logs as JSON
- User Activity Summary — Per-user action history
- Security Reports — Filtered view of security-related events
- Retention — 30-90 day queryable history with archival