WRNexus
Back to the blog
announcements 5 min read

Introducing the WRNexus Audit Log API

A first-class audit log shipped with every workspace, queryable from the dashboard, the API, and your warehouse — with the same JSON shape everywhere.

Maya Anand

#announcements · #audit · #product

Today we’re shipping the WRNexus Audit Log API to general availability. Every workspace already has an audit trail behind the scenes; the new API lets your engineers, your auditors, and your SIEM read it through the same endpoint, with the same JSON shape, with the same RBAC checks.

Why this matters

Most identity products treat the audit log as a UI feature — a paginated table buried in the admin console. That’s fine right up to the moment your SOC 2 auditor asks for “every privileged action in the trailing 12 months as a CSV,” and your team has to write a one-off Python script that nobody reviews.

We took the opposite approach. The same view that powers the admin console is exposed at:

GET /api/audit-log?since=2026-01-01&action=workspace.member.role_changed
Authorization: Bearer wrn_live_…

The response is the canonical event shape — actor, action, target, metadata, IP, user-agent, and the hash chain pointers — so a one-line curl | jq or a scheduled warehouse load yields the same data your auditor sees.

What you can do today

  • Filter by actor, action, target, IP, or date range with cursor pagination that’s stable across millions of rows.
  • Export to CSV or JSON with one click in the admin console, or schedule a recurring export to S3 / GCS.
  • Stream to your warehouse with our BigQuery and Snowflake connectors — the columns map 1:1 to the API payload.
  • Verify the hash chain with the open-source wrn-audit-verify CLI so you can independently prove no row has been edited.

A small worked example

Say you want to email yourself every time a teammate promotes themselves to owner in the last hour. With the new API:

curl -s "https://api.wrnexus.com/api/audit-log" \
  -H "Authorization: Bearer $WRN_TOKEN" \
  --data-urlencode "action=workspace.member.role_changed" \
  --data-urlencode "since=$(date -u -d '1 hour ago' +%FT%TZ)" \
  | jq '.data[] | select(.metadata.to == "owner")'

Wrap that in a 5-minute cron and you’ve got the cheapest “privilege escalation alert” in the industry. (You can also subscribe to the audit.event.created webhook, which we recommend for anything that needs real-time response.)

Pricing and limits

The endpoint is included in every plan, with rate limits proportional to your tier. The Pro and Enterprise plans get unlimited backfill from their first day on WRNexus — no cliff at 90 days, no surprise archival fee.

What’s next

We’re working on field-level redaction for high-sensitivity metadata (think: bearer tokens that leak into a webhook URL) and per-event signatures that can be forwarded to a customer-held key for the strictest compliance reviews.

If you want early access, mail us at audit@wrnexus.com and tell us what your auditor cares about. We’ll prioritise accordingly.

Newer post

SCIM 2.0 provisioning, end to end
Older post

Stripe billing best practices for B2B SaaS