Skip to main content

Overview

Security logs provide a detailed record of security-sensitive actions performed within your organization. They help you answer questions like: Who invited this user? When was this API key rotated? Who modified this webhook endpoint?

Permissions

  • Only Admin users can view security logs.
  • Account Managers and Finance/Analyst roles cannot view security logs.
  • For Custom Roles, a dedicated security logs permission can be granted.

How to access security logs

To view security logs:
  1. Navigate to the Team & Security section;
  2. Find the Security Logs tab; and
  3. View paginated security logs directly in this section.

Security log details

Each security log includes the following properties:
  • Log ID: A unique identifier for the log entry;
  • User: The organization member who performed the action (linked to their email);
  • Log type: The category of the event (e.g., user, role, api_key);
  • Log event: The specific event that was triggered (e.g., user.invited, api_key.rotated);
  • Logged at: The timestamp of the event; and
  • Resources: Contextual data related to the event (e.g., role assigned, webhook events, export type).

Tracked events

Below is the exhaustive list of security events tracked by Lago.

Users

New device logins capture additional context such as device ID, IP address, browser, and operating system.

Roles & permissions

API keys

Webhook endpoints

Data exports

Integrations

Billing entities

Filtering security logs

You can filter security logs using the following criteria, either through the UI or via the API:
  • Log date: Filter by from and to dates;
  • User: Filter by the user who performed the action (multi-select);
  • Log type: Filter by category — one or more of user, role, api_key, webhook_endpoint, export, integration, billing_entity (multi-select); and
  • Log event: Filter by specific event key, such as billing_entity.created or webhook_endpoint.deleted (multi-select).

Exporting security logs

Security logs can only be exported via the API endpoint (/api/v1/security_logs). There is no CSV export or log streaming option available at this time.