# Search audit log entries

Source: https://business-api-docs.youhodler.com/docs/api/reference/user-action-audit-entries/user-action-audit-entries-search

Queries the immutable audit trail. `occurred_from_utc` and `occurred_to_utc` are required. All other filters are optional.

## Request

**Request URL — GET**
```http
GET /user-action-audit-entries/search
```

## Responses

**200 Operation succeeded**

Operation succeeded.

```json
{
  "items": [
    {
      "action_family": "tenant_governance",
      "approval_state": "not_required",
      "attribution": {
        "actor": null,
        "approved_by": null,
        "authenticated_principal": {
          "kind": "user",
          "ref": "users/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b"
        },
        "identity_source": "platform-managed",
        "initiated_by": null,
        "subject": {
          "kind": "user",
          "ref": "users/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b"
        }
      },
      "changed_fields": null,
      "correlation_id": null,
      "detail": null,
      "event_id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
      "event_type": "tenant.enterprise.admitted.v1",
      "human_actor_id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
      "id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
      "occurred_at_utc": "2026-05-01T10:00:00Z",
      "reason_code": null,
      "reason_text": null,
      "recorded_at_utc": "2026-05-01T10:00:00Z",
      "request_id": "b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
      "resource_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
      "resource_type": "enterprise",
      "result_status": "succeeded",
      "scope": {
        "client_account_ref": null,
        "client_ref": null,
        "enterprise_ref": "enterprises/b8e2f1a0-4c3d-4e5f-9a1b-2c3d4e5f6a7b",
        "master_account_ref": null,
        "platform_operator_ref": null
      },
      "service_account_id": null,
      "source_service": "edge-service",
      "trace_id": null
    }
  ],
  "limit": 100,
  "offset": 0,
  "total": 1
}
```

**400 Invalid request payload**

Invalid request payload, query, or parameter shape.

```json
{
  "code": "invalid_request",
  "details": {
    "reason": "invalid_date_range"
  },
  "message": "Date range is invalid or too wide"
}
```

**401 Caller is not authenticated or the bearer token is invalid**

Caller is not authenticated or the bearer token is invalid.

```json
{
  "code": "unauthorized",
  "message": "Authentication required."
}
```

**403 Caller lacks the required capability or permitted scope**

Caller lacks the required capability or permitted scope.

```json
{
  "code": "forbidden_capability_scope",
  "details": {
    "reason": "missing_capability"
  },
  "message": "Insufficient capability for this operation."
}
```

**429 Request rate limit exceeded**

Request rate limit exceeded. Retry after the delay indicated in the `details.retry_after_ms` field.

```json
{
  "code": "rate_limited",
  "details": {
    "retry_after_ms": 5000
  },
  "message": "Too many requests."
}
```

**502 Upstream service returned an unexpected error**

Upstream service returned an unexpected error.

```json
{
  "code": "upstream_error",
  "message": "An upstream service returned an unexpected error."
}
```

**503 Service is temporarily unavailable**

Service is temporarily unavailable; retry with backoff.

```json
{
  "code": "temporarily_unavailable",
  "details": {
    "reason": "service_temporarily_unavailable"
  },
  "message": "Service is temporarily unavailable."
}
```