# Understanding Audit Logs

> Track every API request with full request/response details for debugging and compliance.

**Category:** dashboard | **Last updated:** March 13, 2026

---

The [Audit Logs](/app/audit-logs) page records every API request made with your API keys. Use it for debugging, compliance, and monitoring.

## What's logged

Every API call records:
- **Timestamp** — When the request was made
- **Method & Path** — `POST /api/validate`, `GET /api/ip/...`, etc.
- **API Key** — Which key was used (test or live)
- **Request body** — The full JSON payload you sent
- **Response body** — The full JSON response Fidro returned
- **Status code** — HTTP status (200, 400, 422, 429, etc.)
- **Response time** — How long the request took in milliseconds
- **IP address** — The IP that made the API call (your server's IP)
- **User agent** — The HTTP client used

## Common uses

### Debugging integration issues
If your integration isn't returning expected results, check the audit log to see the exact request and response. Common issues:
- Missing or malformed `Authorization` header
- Sending email in wrong field name
- IP address not being forwarded correctly from your load balancer

### Compliance and auditing
The audit log provides a complete record of every validation decision. Export logs for compliance reviews or internal audits.

### Monitoring usage
Track your request volume over time. The log shows both test and live requests, so you can see how much of your quota you're using.

## Exporting logs

Click the **Export** button to download your audit logs as a CSV file. This includes all fields for the selected time period.

## Retention

Audit logs are retained for 90 days. If you need longer retention for compliance, export regularly.