Skip to main content
The Logs page shows API request history for the account. This feature is separate from Activity, which tracks account actions such as key changes and webhook changes. Each row comes from the API key request log store and is joined with metadata about the key that made the request. Request logs help you:
  • Debug integration issues by tracing which requests returned errors.
  • Monitor API usage to see which endpoints and models your keys are calling.
  • Audit access patterns by reviewing which API keys are active and when.
  • Investigate incidents using status codes, error codes, and timestamps.

What is captured

The underlying request-log record stores endpoint and request metadata. The dashboard joins that data with API key metadata so the table can show the key name and key state.
FieldTypeDescription
API keystringKey name and key prefix from the joined API key record
MethodstringHTTP method (GET, POST, PUT, DELETE)
EndpointstringFull API path
Status codeintegerHTTP response status code (200, 400, 401, 500, etc.)
Error codestringBabySea error code when the request failed
IP hashstringSHA-256 hash of the client IP address (never raw IP)
User agentstringStored in the log record, though not shown in the main table
TimestampdatetimeTimestamp recorded for the request

How logging works

When a request uses an API key, BabySea records the request outcome in the API key log:
1

Request arrives

The request reaches a public /v1 route with an API key in the Authorization header.
2

Request processes

The route handler returns a status code and may attach an error code.
3

Log entry is written

BabySea records the endpoint, method, status code, optional error code, IP hash, user agent, and timestamp.
4

Dashboard query joins key metadata

When you open Logs, the dashboard loads those rows together with the key name, prefix, and key status fields.

IP privacy

BabySea never stores raw IP addresses. Every IP is hashed with SHA-256 before being stored. This means:
PropertyDetails
Storage formatSHA-256 hex digest
ReversibilityOne-way hash. The original IP cannot be recovered
DisplayThe table shows the first 12 characters followed by
You can use the hashed value to correlate requests from the same source without exposing the actual IP address.

Access control

Request logs are visible to all roles on the account:
RoleView logsExport logs
Primary OwnerYesYes
OwnerYesYes
MemberYesYes
There are no create, edit, or delete actions for individual rows in the dashboard.

Log immutability

Log entries cannot be edited or manually deleted through the dashboard. They are:
PropertyDetails
ImmutableNo update operations available after creation
Auto-cleanupRemoved by the retention system based on the account plan
Cascade deleteRemoved if the parent API key is deleted
Snapshot-awareAggregate analytics snapshots preserve historical metrics after row cleanup

Next steps

  • Viewing - Dashboard table, columns, search, and filtering
  • Retention - Plan-based retention periods and automatic cleanup
  • Export - Batch select and export logs as CSV or JSON
  • Best practices - Monitoring, debugging, and security patterns