Overview
Security logs provide a detailed record of security-sensitive actions performed within your organization. They help you answer questions like: Who invited this user? When was this API key rotated? Who modified this webhook endpoint?Permissions
- Only Admin users can view security logs.
- Account Managers and Finance/Analyst roles cannot view security logs.
- For Custom Roles, a dedicated security logs permission can be granted.
How to access security logs
- Dashboard
- API
To view security logs:
- Navigate to the Team & Security section;
- Find the Security Logs tab; and
- View paginated security logs directly in this section.
Security log details
Each security log includes the following properties:- Log ID: A unique identifier for the log entry;
- User: The organization member who performed the action (linked to their email);
- Log type: The category of the event (e.g.,
user,role,api_key); - Log event: The specific event that was triggered (e.g.,
user.invited,api_key.rotated); - Logged at: The timestamp of the event; and
- Resources: Contextual data related to the event (e.g., role assigned, webhook events, export type).
Tracked events
Below is the exhaustive list of security events tracked by Lago.Users
New device logins capture additional context such as device ID, IP address, browser, and operating system.
Roles & permissions
API keys
Webhook endpoints
Data exports
Integrations
Billing entities
Filtering security logs
You can filter security logs using the following criteria, either through the UI or via the API:- Log date: Filter by
fromandtodates; - User: Filter by the user who performed the action (multi-select);
- Log type: Filter by category — one or more of
user,role,api_key,webhook_endpoint,export,integration,billing_entity(multi-select); and - Log event: Filter by specific event key, such as
billing_entity.createdorwebhook_endpoint.deleted(multi-select).
Exporting security logs
Security logs can only be exported via the API endpoint (/api/v1/security_logs). There is no CSV export or log streaming option available at this time.