AuthZed Product Documentation
Audit Logging

Audit Logging

Audit Logging is functionality exclusive to AuthZed products that publishes logs of SpiceDB API operations to a log sink.

Info: Audit Logging is currently in Early Access.

Early Access functionality is production-ready, but requires coordination with your success team to set-up.

Log Format

Logs contain the full details related to a request including:

  • API Token hash
  • Request Method
  • Request Body
  • Request IP
  • Response Body
  • Errors (if any)


  "specversion": "1.0",
  "id": "35cdd6662882bd387292ef78a650d18b",
  "source": "spicedb",
  "type": "/authzed.api.v1.SchemaService/ReadSchema",
  "datacontenttype": "application/json",
  "time": "2023-12-18T17:32:47.234247Z",
  "data": {
    "request": {
      "@type": ""
    "response": {
      "@type": "",
      "schemaText": "definition folder {\n\trelation reader: user | service\n\tpermission read = reader\n}\n\ndefinition resource {\n\trelation reader: user | service\n\tpermission read = reader\n}\n\ndefinition service {}\n\ndefinition user {}",
      "readAt": {
        "token": "GhUKEzE3MDI5MjA0MjcxMjM2MDIwMDA="
    "metadata": {
      "token_hash": "c3ab8ff13720e8ad9047dd39466b3c8974e592c2fa383d4a3960714caef0c4f2",
      "user-agent": "grpc-go/1.58.3",
      "x-request-id": "35cdd6662882bd387292ef78a650d18b"

Log Sinks

Log Sinks are the targets where logs will be shipped in order to be persisted. In order to configure a log sink, you must file a request with your AuthZed customer success team.

The following are the supported log sinks:

Info: We're exploring additional Log Sinks.

Please reach out to your success team with any requests.

© 2024 AuthZed.