# Audit Logging

Audit logs answer the question "who did what through your API, and when?" —
providing a structured, searchable record of every request and business event
that flows through your gateway. This page explains why audit logging matters
and the options Zuplo gives you for capturing an audit trail.

## Why audit logging?

Audit logging plays a critical role in API security: it lets you detect and
investigate issues such as unauthorized access or permission elevation, and
reconstruct exactly what happened to a resource after the fact. It's also a hard
requirement for many compliance certifications (SOC 2, ISO 27001, HIPAA, PCI
DSS) and a common buying criterion for enterprise customers of your API.

Unlike request logs — which are optimized for debugging and operational
visibility — audit logs are structured business records: each event identifies
an actor, an action, and the resources affected, in a stable format you can
retain, search, and hand to an auditor.

## Options for audit logging

Zuplo supports two approaches, depending on where you want your audit trail to
live:

1. **[Zuplo Audit Logs](./audit-logs.mdx)** — the recommended approach for most
   APIs. Add a single policy and Zuplo records, stores, and indexes a structured
   audit event for every request. You can search the events in the Zuplo Portal,
   query them through the Zuplo API, and export them to a SIEM. No code or
   infrastructure required.
2. **[Custom audit logs](./custom-audit-logs.mdx)** — write a small custom
   policy that sends audit events to any external audit provider (for example,
   WorkOS Audit Logs). Full control over the event format and destination.

|              | Zuplo Audit Logs          | Custom audit logs     |
| ------------ | ------------------------- | --------------------- |
| Setup        | Add a policy              | Write policy code     |
| Storage      | Managed by Zuplo          | Your provider         |
| Viewing      | Zuplo Portal + Zuplo API  | Your provider's tools |
| Availability | Enterprise (free to test) | All plans             |

Zuplo Audit Logs is an enterprise feature, but anyone can use it for free for
development and testing purposes.

## Gateway audit logs versus account audit logs

Zuplo has two separate audit trails — the options above all concern the first:

- **Gateway audit logs** record traffic through _your API_: requests from your
  API's consumers and custom events emitted by your gateway code.
- **[Account audit logs](./accounts/audit-logs.mdx)** record administrative
  activity in _your Zuplo account_: project changes, team member management,
  deployments, and other portal and API operations.

## Next steps

- [Zuplo Audit Logs](./audit-logs.mdx) — enable the built-in feature and start
  recording events
- [Custom audit logs](./custom-audit-logs.mdx) — send audit events to an
  external provider
- [Audit Logs policy reference](../policies/audit-log-inbound.mdx) — all
  configuration options and the full event shape
