Implementation:BerriAI Litellm Audit Logging Endpoints
| Attribute | Value |
|---|---|
| Sources | enterprise/litellm_enterprise/proxy/audit_logging_endpoints.py |
| Domains | Audit Logging, REST API, Compliance, Enterprise |
| Last Updated | 2026-02-15 16:00 GMT |
Overview
This module defines FastAPI CRUD endpoints for querying audit log entries from the LiteLLM proxy database, supporting filtering, sorting, and pagination.
Description
The module provides two endpoints for audit log retrieval:
- GET /audit -- Retrieves a paginated list of audit logs with optional filtering by:
changed_by-- User or system that performed the actionchanged_by_api_key-- API key hash that performed the actionaction-- Action type (create, update, delete)table_name-- Database table that was modifiedobject_id-- ID of the modified objectstart_date/end_date-- Date range filteringsort_by/sort_order-- Sorting (default:updated_at desc)page/page_size-- Pagination (default: page 1, 10 items per page, max 100)
- GET /audit/{id} -- Retrieves a single audit log entry by its unique ID.
Both endpoints require user_api_key_auth authentication and a connected Prisma database.
Usage
Mount the router on the LiteLLM proxy FastAPI application to provide audit log querying capabilities for compliance and monitoring.
Code Reference
Source Location
enterprise/litellm_enterprise/proxy/audit_logging_endpoints.py
Signature
router = APIRouter()
@router.get("/audit", response_model=PaginatedAuditLogResponse)
async def get_audit_logs(
page: int = Query(1, ge=1),
page_size: int = Query(10, ge=1, le=100),
changed_by: Optional[str] = None,
changed_by_api_key: Optional[str] = None,
action: Optional[str] = None,
table_name: Optional[str] = None,
object_id: Optional[str] = None,
start_date: Optional[str] = None,
end_date: Optional[str] = None,
sort_by: Optional[str] = None,
sort_order: str = "desc",
): ...
@router.get("/audit/{id}", response_model=AuditLogResponse)
async def get_audit_log_by_id(
id: str,
user_api_key_dict: UserAPIKeyAuth = Depends(user_api_key_auth),
): ...
Import
from litellm_enterprise.proxy.audit_logging_endpoints import router
I/O Contract
Inputs
| Endpoint | Parameter | Type | Description |
|---|---|---|---|
| GET /audit | page |
int |
Page number (default: 1, min: 1). |
| GET /audit | page_size |
int |
Items per page (default: 10, max: 100). |
| GET /audit | changed_by |
Optional[str] |
Filter by actor. |
| GET /audit | action |
Optional[str] |
Filter by action type. |
| GET /audit | table_name |
Optional[str] |
Filter by modified table. |
| GET /audit | start_date / end_date |
Optional[str] |
Date range filter. |
| GET /audit/{id} | id |
str |
Unique audit log entry ID. |
Outputs
| Endpoint | Response Type | Description |
|---|---|---|
| GET /audit | PaginatedAuditLogResponse |
audit_logs list, total, page, page_size, total_pages.
|
| GET /audit/{id} | AuditLogResponse |
Single audit log with id, updated_at, changed_by, action, table_name, object_id, before_value, updated_values.
|
Usage Examples
import httpx
# Get paginated audit logs with filters
response = httpx.get(
"http://localhost:4000/audit",
params={
"page": 1,
"page_size": 20,
"action": "create",
"table_name": "LiteLLM_VerificationToken",
"sort_by": "updated_at",
"sort_order": "desc",
},
headers={"Authorization": "Bearer sk-..."},
)
# Get a specific audit log entry
response = httpx.get(
"http://localhost:4000/audit/abc-123-def",
headers={"Authorization": "Bearer sk-..."},
)
Related Pages
- BerriAI_Litellm_Audit_Log_Types -- Pydantic types for audit log responses
Page Connections
Double-click a node to navigate. Hold to expand connections.
Principle
Implementation
Heuristic
Environment