Dfns Secures $16M Series A Funding – See the Full Announcement

Get started
Product

Introducing Audit Logs

Harrison Tross
Harrison Tross
September 3, 2025
Read time:

Audit logs are cryptographically verifiable activity trails for finance-grade compliance

We’re introducing Audit Logs, a cryptographically signed, human-readable record of sensitive user actions (those that require a passkey). It’s easy to export, locked down by permissions, and ready for regulatory evidence across compliance, audit, and reconciliation workflows. In simple terms: Audit Logs tell you who did what, when, how they authenticated, and they include proof to verify those facts independently.

In finance, logs aren’t just for debugging. They’re evidence. Auditors, regulators, and risk teams need clear answers to basic questions: who touched what, when, and under what authentication? Email trails and screenshots don’t cut it. You need an immutable trail of signed events that can be verified outside your application. Audit Logs give you that: readable exports for human review, and the cryptographic material to prove authenticity. This reduces time spent on investigations, strengthens non-repudiation (“I didn’t do that”), and makes regulatory reviews faster and less contentious.

Eight reasons why Audit Logs matter

Trust is measured in finance. Audit Logs turn sensitive actions into defensible records, easy for people to read, verifiable by machines, and aligned with the controls your auditors and regulators expect. They give you clarity in daily operations and confidence when it matters most. When a regulator, auditor, bank partner, or risk committee asks “Who changed this policy?” or “Who approved this transfer?”, you need an answer that’s clear, verifiable, and fast. That’s what Audit Logs provide.

  1. Regulatory evidence that holds up. Most compliance frameworks boil down to the same asks: prove who did what, when, and under what authentication. Audit Logs capture exactly that, plus the cryptographic proof to verify it. Instead of screenshots or internal notes, you can hand over a clean CSV for human review and raw signature data for independent validation. This maps directly to SOC 2, SOX, ISO 27001, and EU regimes like MiCA and DORA, where traceability, strong authentication, and non-repudiation are baseline requirements.
  2. Non-repudiation, not just narration. Traditional logs tell a story. Signed logs prove it. Sensitive actions are gated by passkeys, so each event includes a signature tied to a specific credential. Anyone can verify the event with the public key, signature, and assertion. If anything changes, verification fails, making tampering obvious and closing the “I didn’t do that” gap.
  3. Faster audits, less compliance lift. Audit cycles often stall on wrangling messy data: exporting, cleaning, mapping actors to actions, confirming timestamps. Our exports are human-readable by design, with clear columns for actor, credential, action path, timestamp, and metadata, ready for a spreadsheet or your GRC tool. Less time explaining means less disruption for engineering and compliance teams.
  4. Clear link from actions to business changes. Compliance and reconciliation teams need to tie a user’s action to a downstream effect, a transfer, a policy change, or an approval. Audit Logs make the chain explicit, so you can filter by time or user, review the action path, and match it to ledger events or policy histories. That shortens investigations and speeds reconciliation.
  5. Forensic-ready incident response. When something looks wrong (e.g., an unexpected balance change or suspicious approval), you need a clean, reconstructable timeline. Each event includes credential details, exact time, route, and raw signature materials. Security teams can validate the signature, confirm the actor (including service accounts), and move quickly from theory to fact without waiting on vendor tickets.
  6. Controlled access for sensitive data. Logs can contain sensitive context. With assignable export permissions, admins decide who can pull bulk logs, keeping compliance productive while protecting against unnecessary internal exposure, a requirement for many control frameworks.
  7. Built for humans and machines. People get a CSV they can read at a glance. Systems get JSON with raw cryptographic materials for automation and deep verification. You can schedule routine exports for audits and switch to detailed proofs when you need to show, not just tell.
  8. Confidence for partners and counterparties. In embedded finance, payments, brokerage, or tokenization, partners will ask: “How do you know who approved what?” Being able to show a verifiable audit trail tied to strong authentication cuts due-diligence friction and accelerates onboarding, integrations, and renewals.

What audit logs are and how they work

Audit Logs capture the critical facts behind sensitive operations inside your organization. When a sensitive action is performed, we record a log entry with:

  • Identity and context: orgId, userId (user or service account)
  • Credential used: credentialId (passkey-based)
  • When: precise timestamp (UTC)
  • What: the action path (e.g., /wallets/transfer) plus action metadata
  • Authentication proof: the JWT signature_token plus an assertion that includes the WebAuthn signature generated by the user’s passkey (private key never leaves the device).
  • Human-readable fields: so compliance teams don’t need to parse raw JSON to understand the event.

For any single auditEventId, you can also fetch details: user email, the public key of the credential, and the raw cryptographic materials (the original JWT, assertion blob, and action JSON). This lets your auditors or internal security teams independently confirm validity.

Note: Audit Logs capture all new events going forward. Events prior to the past two weeks will be progressively added as historical data is backfilled.

Example workflows:

  • Quarterly audit: Compliance exports a CSV for the quarter, filters by actionPath, and includes it in the audit package.
  • Dispute resolution: Security fetches a single event’s details, validates the passkey signature against the public key, and closes the case.
  • Reconciliation: Ops imports CSV, matches user actions to ledger events, and investigates anomalies.

Why you can trust the security of the trail

You don’t have to trust the application alone. You (or your auditors) can recompute and verify that an action was performed by a specific credential at a specific time. If someone tried to alter an event, the signature wouldn’t match.

  • Passkey-bound actions: Sensitive operations are gated by passkeys (FIDO/WebAuthn), producing a signature that’s tied to a specific user credential.
  • Tamper resistance via verification: Each log carries the cryptographic data required to verify authenticity:
    • The signature_token (JWT) used during the action.
    • The assertion with the WebAuthn signature and credentialId.
    • The public key for that credential, exposed by the details API for independent checks.
  • Append-only posture: Events are written with unique, stable IDs and enriched with strongly typed fields (user, credential, path, timestamp) so attempts to alter meaning are detectable.
  • Role-based access: Only authorized users can export logs. Admins can assign export rights to specific roles or individuals, limiting exposure of sensitive data.

Exports your operations teams can actually use

Audit Logs are designed to be human-readable and easy to move into your audit workflows.

  • CSV export (bulk) for audits and reconciliation tools.
  • Per-event JSON details for deep dives and signature verification.
  • Filters so you can pull just what you need: time-bound windows and optional userId.

Columns you’ll see in exports: auditEventId, timestamp, userId, credentialId, actionPath, actionMetadata, signatureToken

Nota Bene: Exporting audit logs is powerful and sensitive. Organization admins can assign export permissions to specific users to maintain least-privilege access. This keeps compliance productive without creating new data-leak vectors.

APIs for engineering and compliance automations

Automate exports and verification in your pipelines.

Bulk export (CSV):

GET /auth/audit-log/export
  ?startTime=<epochMillisUTC>         // Required
  &endTime=<epochMillisUTC>           // Optional; defaults to “now”
  &userId=<string>                    // Optional filter
  • Server returns up to 7 consecutive days of data in one call.
  • If the query exceeds that, we return 400 (Bad Request).

Single-event details (JSON):

GET /auth/action/logs/:logId

Returns:

  • emailId of the user or service account (comes in the bulk export endpoint too)
  • credential public key (to verify the signature)
  • Raw signature_token (JWT), assertions text block, and action JSON

How to get started now

  1. Inside your organization, open Settings → Audit Log and enable exports.
  2. Assign export permissions to specific users/roles.
  3. Export CSV for your date range, or call the details API for event-level JSON and signature verification materials.
  4. Automate recurring pulls via GET /auth/audit-log/export

Authors

Harrison Tross

Harrison Tross

Principal Software Engineer

Related articles

Product

Canton Token Standard Support

Adrien Moreau
Adrien Moreau
August 28, 2025
Product

Introducing Swaps

Luis Guilherme
Luis Guilherme
August 27, 2025
Product

Introducing Address Book

Harrison Tross
Harrison Tross
Chris Sutton
Chris Sutton
August 21, 2025
Request a demo

One of our security experts will get in touch as soon as possible.

Thanks for your interest.

Please, check your inbox.

Something went wrong, please try again.