AuditLedge Docs

Documentation for AuditLedge — production-grade audit logs for SaaS

View the Project on GitHub auditledge/auditledge-docs

Authentication

Every request to the Auditledge API must include an API key.


API keys

API keys are generated per account in the Dashboard → API Keys page. Each key:

Sending the key

Pass the key as a Bearer token in the Authorization header on every request:

Authorization: Bearer al_your_key_here

Full example:

curl https://api.auditledge.com/v1/events \
  -H "Authorization: Bearer al_your_key_here"

Error responses

Status Meaning
401 Missing or invalid authorization header No Authorization header was sent, or it did not start with Bearer
401 Invalid API key The key does not exist or has been revoked

Rotating a key

  1. Go to Dashboard → API Keys
  2. Create a new key and deploy it to your application
  3. Revoke the old key — it stops working immediately

There is no grace period after revocation. Rotate keys before revoking.

Security recommendations