Skip to main content

Audit Data Access

This guide will show you how to search audit logs to govern data access.

Key concepts in this guide:

Getting Started

To get started, you will need a Basis Theory account.

Next you will need a Management Application in order to provision the components in this guide.

Click here to create a Management Application or login to your Basis Theory account and create a new application from the Full Management Access template.

Save the API Key from the created Management Application as it will be used in this guide to query audit logs.

Query Audit Logs

Basis Theory audits all activity within the system. This includes interactions with tokens, users, applications, and proxies. These logs can be valuable for auditors and security individuals who need to validate system and data access requirements.

Retrieve All Logs

We can list all audit logs by running the following your terminal:

curl "" \
Be sure to replace <API_KEY> with the Management API Key you created in the Getting Started step.

You should see a JSON response similar to:

"pagination": {...},
"data": [
"tenant_id": "77cb0024-123e-41a8-8ff8-a3d5a0fa8a08",
"actor_id": "fb124bba-f90d-45f0-9a59-5edca27b3b4a",
"actor_type": "application",
"entity_type": "token",
"entity_id": "c06d0789-0a38-40be-b7cc-c28a718f76f1",
"operation": "read",
"message": "Token retrieved",
"created_at": "2021-03-01T08:23:14+00:00"

The resulting logs shows several important pieces of information:

  • tenant_id: This is the ID of the tenant. All data and actions are contained within a tenant which is setup when creating a new account
  • actor_type: This identifies the actor type, typically a user or application
  • actor_id: This is the identifier of the actor, typically a user or application ID
  • entity_type: An entity is a application, tenant, token, etc. It is the resource type that was interacted with
  • entity_id: The entity identifier. This would be the application ID if the entity_type is application
  • operation: This is the operation taken on the resource. Typically it is create, read, update, and delete
  • message: This is helpful information about the action that can be used to help with troubleshooting or provide context
  • created_at: This is an ISO-8601 formatted timestamp of when the action occurred

Filter Audit Logs

We can apply filters to the Audit Logs query to refine the results.

Run the following in your terminal:

curl "" \

This will filter the audit logs down by the entity type token and retrieve logs after 2021-03-01. You can play with the other log filters to refine your results.


Using Audit Logs and log filters, you can pull information and generate reports which can be provided to auditors and security individuals who need to govern data access for compliance and regulatory requirements.

Learn More