The Audit Log API provides detailed records of user activity within the Harvey platform. It is built for compliance teams, security personnel, and platform admins who need to track document access, logins, and other behavioral events.

GET /api/v1/logs/audit/search
GET /api/v1/logs/audit/latest

Overview

Use the Audit Log API to:

  • Monitor Activity: Track who accessed what and when
  • Investigate Incidents: Reconstruct user behavior in a specific time window
  • Support Compliance Reviews: Prove access boundaries for sensitive projects or client data

Endpoints

Search Audit Logs

GET /logs/audit/search

Query audit logs over a specific time window or action type.

curl -X GET "https://api.harvey.ai/api/v1/logs/audit/search" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -G \
  --data-urlencode "start_time=1711920000" \
  --data-urlencode "end_time=1714521600" \
  --data-urlencode "action=document.download"

Get Latest Audit Log Entries

GET /logs/audit/latest

Retrieve the most recent audit events (up to 100 entries).

curl -X GET "https://api.harvey.ai/api/v1/logs/audit/latest" \
  -H "Authorization: Bearer YOUR_API_KEY"

Use Cases

Use Case 1: Compliance Monitoring and Audit Trail Capture

Challenge: Firms must track who accessed or exported sensitive data to maintain compliance with data protection obligations.

Solution: Use the Audit Log API to log document downloads, project views, or permission changes.

Use Case 2: Incident Response and User Investigations

Challenge: In the event of suspected misuse, security teams need to reconstruct the timeline of a user’s actions.

Solution: Use /logs/audit/search with filters for email, action, and timestamp to narrow down relevant records.

Use Case 3: Proactive Access Monitoring

Challenge: Clients may request proof that their documents were never accessed outside of expected workflows.

Solution: Periodically extract and store audit logs for high-sensitivity projects.

Best Practices

  • Use start_time and end_time: Narrow your queries to relevant time ranges using epoch timestamps
  • Filter by action type: Filter for document.download, login, project.access, etc. for more focused results
  • Monitor privileged activity: Identify unusual behavior by users with elevated permissions
  • Log downstream storage: Store copies of logs in your own SIEM or audit repository
  • Use /latest for freshness: Poll the /latest endpoint in high-alert scenarios to capture real-time activity

Error Handling

Status CodeDescriptionExample Error Message
200SuccessN/A
400Bad Request – Invalid query input{ "error": "Missing required filters" }
401Unauthorized – Invalid API key{ "error": "Unauthorized" }
429Too Many Requests – Rate limit exceeded{ "error": "Rate limit exceeded" }
500Internal Server Error{ "error": "Unexpected server error" }

Need help getting started? Contact your Harvey Customer Success Manager for more information.