List login audit events

Returns login audit events for the caller’s company, newest first.

Special-scope key required. This endpoint is gated by the login-audits.read entitlement. Your API key must be issued with that scope or the request will be rejected with 403 Forbidden. Contact Guardhouse Support to have the scope added to an existing key.

Tenant scope: the company is taken from your access token’s CompanyId claim. Passing companyId in the query string is ignored — cross-tenant isolation is enforced server-side.

Results are ordered by occurredUtc descending and paged with Skip((page - 1) * pageSize).Take(pageSize). There is no totalCount field — when fewer than pageSize rows are returned, you have reached the end.

GET

/

api

/

external

/

loginaudit

List login audit events

curl --request GET \
  --url https://gateway-api.guardhousehq.com/api/external/loginaudit \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "id": 123,
      "userId": 123,
      "companyId": 123,
      "appType": "<string>",
      "emailAttempted": "<string>",
      "ipAddress": "<string>",
      "userAgent": "<string>",
      "failureReason": "<string>",
      "occurredUtc": "2023-11-07T05:31:56Z"
    }
  ],
  "errors": [
    {
      "code": "<string>",
      "message": "<string>",
      "field": "<string>"
    }
  ],
  "meta": {
    "traceId": "<string>",
    "timestampUtc": "2023-11-07T05:31:56Z",
    "nextPageEndpoint": "<string>",
    "prevPageEndpoint": "<string>"
  }
}

Authorizations

Authorization

string

header

required

JWT issued by POST /api/token/request. Send as Authorization: Bearer <token>.

Query Parameters

userId

integer<int32>

Filter to a specific user.

eventType

enum<integer>

Filter by event type. 1 = LoginSuccess, 2 = LoginFailure, 3 = Logout (reserved).

Available options:

1,

2,

3

from

string<date-time>

Inclusive lower bound on occurredUtc (ISO-8601 UTC, e.g. 2026-04-01T00:00:00Z).

to

string<date-time>

Inclusive upper bound on occurredUtc (ISO-8601 UTC).

page

integer<int32>

default:1

1-based page index. Must be >= 1.

Required range: x >= 1

pageSize

integer<int32>

default:50

Page size. Must be between 1 and 500.

Required range: 1 <= x <= 500

Response

Paged list of login audit events.

Standard { data, errors, meta } envelope used by Login Audit endpoints. Differs from the legacy ApiResponse envelope used by older endpoints.

data

object[] · null · null

Endpoint-specific payload. null when errors is populated.

Show child attributes

errors

object[] | null

Show child attributes

meta

object

Show child attributes

Recent login activity for a userReturns the most recent login audit events for a single user in the caller's company. Use this for a quick "what's this user been up to" view; use the list endpoint when you need date ranges or pagination. > **Special-scope key required.** This endpoint is gated by the `login-audits.read` entitlement. Your API key must be issued with that scope or the request will be rejected with `403 Forbidden`. Date filters are intentionally **not** supported here — call `GET /api/external/loginaudit?userId={userId}&from=...&to=...` if you need them.

List login audit events

curl --request GET \
  --url https://gateway-api.guardhousehq.com/api/external/loginaudit \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "id": 123,
      "userId": 123,
      "companyId": 123,
      "appType": "<string>",
      "emailAttempted": "<string>",
      "ipAddress": "<string>",
      "userAgent": "<string>",
      "failureReason": "<string>",
      "occurredUtc": "2023-11-07T05:31:56Z"
    }
  ],
  "errors": [
    {
      "code": "<string>",
      "message": "<string>",
      "field": "<string>"
    }
  ],
  "meta": {
    "traceId": "<string>",
    "timestampUtc": "2023-11-07T05:31:56Z",
    "nextPageEndpoint": "<string>",
    "prevPageEndpoint": "<string>"
  }
}