The Logs page shows API request history for the account. It is separate from Activity, which tracks administrative actions like key changes and webhook modifications.
Use logs to debug integration issues, monitor endpoint usage, audit access patterns, and investigate incidents using status codes, error codes, and timestamps.
Access control
All roles can view and export logs. There are no create, edit, or delete actions for individual rows.
What is captured
| Field | Type | Description |
|---|
API key | string | Key name and prefix |
Method | string | HTTP method (GET, POST, PUT, DELETE) |
Endpoint | string | Full API path |
Params | string | Sanitized query string, when present |
Status code | integer | HTTP response status code |
Error code | string | BabySea error code, when the request failed |
IP hash | string | SHA-256 hash of the client IP — never the raw address |
Timestamp | datetime | When the request was recorded |
IP privacy
BabySea never stores raw IPs. Every address is hashed with SHA-256 before storage — one-way and irreversible. The table shows the first 12 characters followed by …. You can still correlate requests from the same source using the hash. See the IP hash correlation section below.
Log immutability
Logs cannot be edited or deleted from the console. They are removed automatically by the retention system or when the associated API key is permanently deleted. Aggregated statistics (usage charts, request counts) are preserved even after individual rows expire.
Viewing logs
Navigate to Logs in the sidebar. Use the fullscreen icon (top right) for more space when auditing wide data.
Table columns
| Column | Description |
|---|
| Select | Checkbox for batch selection |
| API | Key name, prefix, and status icon |
| Method | HTTP method |
| Endpoint | Full API path |
| Params | Sanitized query string |
| Status | HTTP response status code, color-coded |
| Error code | BabySea error code if the request failed |
| IP hash | SHA-256 hash of client IP |
| Timestamp | Localized date and time |
Status code colors
| Color | Range | Meaning |
|---|
| Green | 2xx | Success |
| Blue | 3xx | Redirect |
| Amber | 4xx | Client error |
| Red | 5xx | Server error |
Key status icons (API column)
| State | Color | Meaning |
|---|
| Active | Default | Key is active and healthy |
| Rotated | Indigo | Key was rotated — replacement is active |
| Expired | Red | Key passed its expiration date |
| Inactive | Pink | Key is inactive |
Search
The search field filters the current page against: key name, key prefix, method, endpoint, params, status code, error code, and IP hash. Results update as you type.
Pagination and sorting
The table shows 500 rows per page. All columns are sortable. Batch selection and export apply to the current page only.
Reading a log entry
Successful request:
API: production-api (bye_AB12C...) Method: POST
Endpoint: /v1/generate/image/flux-pro
Status: 200 Error code: — Timestamp: Mar 6, 12:30
API: staging-key (bye_XY98Z...) Method: POST
Endpoint: /v1/generate/image/flux-pro Params: duration=5&resolution=720p
Status: 401 Error code: BSE1001 Timestamp: Mar 6, 14:15
Retention
Logs are retained based on your plan and automatically purged when they expire. Aggregated statistics are always preserved.
| Plan | Retention |
|---|
| Free | 1 day |
| Starter | 7 days |
| Pro | 30 days |
| Scale | 180 days |
| Enterprise | 1 year |
Deleting an API key permanently removes all its log history. Export before deleting if you need to preserve the data.
Export
Select rows using the checkbox column, then open the Actions menu.
| Selection | How |
|---|
| Single row | Click the row checkbox |
| Multiple rows | Click each row’s checkbox |
| All on page | Click the header checkbox |
Export actions
| Action | Result |
|---|
| Copy as CSV | Copies selected rows as CSV to clipboard |
| Copy as JSON | Copies selected rows as a JSON array to clipboard |
| Export as CSV | Downloads a .csv file |
| Export as JSON | Downloads a .json file |
[
{
"apikey_name": "production-api",
"apikey_prefix": "bye_AB12C",
"method": "POST",
"endpoint": "/v1/generate/image/flux-pro",
"query_params": null,
"status_code": 200,
"error_code": null,
"ip_hash": "a1b2c3d4e5f6...",
"timestamp": "2026-03-06T12:30:45.000Z"
}
]
apikey_name,apikey_prefix,method,endpoint,query_params,status_code,error_code,ip_hash,timestamp
production-api,bye_AB12C,POST,/v1/generate/image/flux-pro,,200,,a1b2c3d4e5f6,2026-03-06T12:30:45.000Z
staging-key,bye_XY98Z,POST,/v1/generate/image/flux-pro,duration=5&resolution=720p,401,BSE1001,f6e5d4c3b2a1,2026-03-06T14:15:22.000Z
user_agent is not included in UI exports.
Export before deleting a key
Open Logs
Navigate to Logs in the console.
Filter by key
Search by key name or prefix.
Select all matching rows
Click the header checkbox. Repeat across pages if needed.
Download the export
Click Export as JSON or Export as CSV.
Delete the key
Navigate to API keys and delete.
Debugging and monitoring
Debugging a failed request
Find the request
Search by error code (e.g. BSE4006) or status code (e.g. 401).
Check the error code
BabySea error codes indicate the specific failure reason. See Error Codes. Check the key status
If the key icon shows expired or revoked, that explains auth failures.
Check the endpoint and scope
Verify the path is correct and the key’s scope covers it. See Scopes. Check the IP hash
If the key has an IP allowlist, compare the log’s IP hash with your expected source. Mismatches return 403. See IP allowlist. Common error codes
| Code | Status | Description |
|---|
BSE1001 | 401 | Missing API key |
BSE1002 | 401 | Invalid or expired API key |
BSE1003 | 403 | Key does not have permission for this resource |
BSE1004 | 402 | Insufficient credits |
BSE1007 | 403 | IP not in allowlist |
Error patterns to watch
| Pattern | Likely cause |
|---|
Spike in 401 responses | Key is invalid, expired, or revoked |
Repeated 403 from one key | Key scope doesn’t match the endpoint |
Burst of 429 responses | Rate limiting or retry pressure |
Increasing 500 responses | Server-side issue — check BabySea Status |
Security review targets
| Target | What to look for |
|---|
| Unauthorized access | 401/403 from unexpected IP hashes |
| Unusual endpoints | Requests to paths your app shouldn’t use |
| Off-hours activity | Requests when your application should be idle |
| Unknown key names | Log entries from keys you don’t recognize |
IP hash correlation
Raw IPs are never stored, but you can hash a known IP to compare against exported log data:
import { createHash } from 'crypto';
const knownIp = '203.0.113.10';
const hash = createHash('sha256').update(knownIp).digest('hex');
const prefix = hash.substring(0, 12);
console.log(`Look for entries starting with: ${prefix}`);
Export schedule by plan
If your organization requires longer retention than your plan provides, export on a regular schedule before logs age out:
| Plan | Retention | Recommended export frequency |
|---|
| Free | 1 day | Daily |
| Starter | 7 days | Weekly |
| Pro | 30 days | Monthly |
| Scale | 180 days | Quarterly |
| Enterprise | 1 year | Quarterly |
