API Audit Logs

Guide to accessing and interpreting API audit logs in PineBill for monitoring API usage and security.

Quick Start

API audit logs provide a comprehensive record of all API requests made to your organization. Monitor usage, debug issues, and detect security threats at Dashboard → Audit → API Logs.

Permissions: Organization admins and members can view API logs. Guests cannot access audit logs.

What Are API Audit Logs?

API audit logs record every API request made to your organization, including:

  • Request Details: Method, endpoint, timestamp
  • Authentication: Which API key was used
  • Response Status: Success or error codes
  • Network Info: IP address and user agent
  • Performance: Request timing and processing

Use cases:

  • Monitor API usage patterns
  • Debug integration issues
  • Detect suspicious activity
  • Track API key performance
  • Compliance and auditing
  • Troubleshoot errors

Viewing API Logs

Accessing the Logs Dashboard

  1. Navigate to API Logs
  2. View recent API requests in chronological order
  3. Use filters to narrow down results

Log Information

Each log entry displays:

| Field | Description | Example |
| --- | --- | --- |
| Timestamp | When the request was made | Dec 2, 2025 10:30:15 AM |
| Method | HTTP method used | GET, POST, PUT, DELETE |
| Endpoint | API endpoint accessed | /v1/invoices |
| Status | HTTP response code | 200, 404, 500 |
| API Key | Which key made the request | Production API (pbk_...x7f2) |
| IP Address | Request origin | 192.168.1.1 |

Understanding Status Codes

API logs include HTTP status codes indicating request outcomes:

Success Codes (2xx)

| Code | Meaning | Description |
| --- | --- | --- |
| 200 | OK | Request successful |
| 201 | Created | Resource created successfully |
| 204 | No Content | Successful, no response body |

Client Error Codes (4xx)

| Code | Meaning | Common Causes |
| --- | --- | --- |
| 400 | Bad Request | Invalid request format or parameters |
| 401 | Unauthorized | Invalid or missing API key |
| 403 | Forbidden | API key lacks required permissions |
| 404 | Not Found | Endpoint or resource doesn't exist |
| 429 | Too Many Requests | Rate limit exceeded |

Server Error Codes (5xx)

| Code | Meaning | Action |
| --- | --- | --- |
| 500 | Internal Server Error | Contact support if persists |
| 502 | Bad Gateway | Temporary issue, retry with backoff |
| 503 | Service Unavailable | System maintenance or overload |

Common Monitoring Patterns

Detecting Unusual Activity

High Volume of 401 Errors:

  • Possible unauthorized access attempts
  • Check if API key was leaked
  • Review IP addresses for patterns

Spike in Requests:

  • Sudden increase in API calls
  • May indicate runaway process
  • Check for infinite loops in code

Unusual IP Addresses:

  • Requests from unexpected locations
  • May indicate compromised API key
  • Consider geographic restrictions (Enterprise)
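
The 401-burst and unusual-IP checks above, as an added example that is not PineBill code: it runs over constructed rows and flags IPs with a burst of 401s and API keys used from addresses outside a known baseline. The tuple layout, the `None` key marker, the baseline map, and the threshold and window values are assumptions, not a PineBill export format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: (timestamp, method, endpoint, status, api_key, ip).
# The tuple layout is an assumption; columns mirror the log fields on this page.
# api_key None stands for a request with no valid key (also an assumption).
SAMPLE_LOGS = [
    ("2025-12-02T10:30:15", "GET", "/v1/invoices", 200, "Production API", "192.0.2.10"),
    ("2025-12-02T10:31:00", "GET", "/v1/invoices", 401, None, "203.0.113.7"),
    ("2025-12-02T10:31:05", "GET", "/v1/invoices", 401, None, "203.0.113.7"),
    ("2025-12-02T10:31:09", "POST", "/v1/invoices", 401, None, "203.0.113.7"),
    ("2025-12-02T10:31:20", "GET", "/v1/invoices", 401, None, "203.0.113.7"),
    ("2025-12-02T10:31:40", "GET", "/v1/invoices", 401, None, "203.0.113.7"),
    ("2025-12-02T10:45:00", "GET", "/v1/invoices", 401, None, "192.0.2.10"),
    ("2025-12-02T11:02:00", "GET", "/v1/invoices", 200, "Production API", "198.51.100.23"),
]


def auth_failure_bursts(logs, threshold=5, window=timedelta(minutes=5)):
    """Map each IP to its peak 401 count inside `window`, if it reaches `threshold`."""
    times = defaultdict(list)
    for ts, _method, _endpoint, status, _key, ip in logs:
        if status == 401:
            times[ip].append(datetime.fromisoformat(ts))
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = best = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # slide the window's left edge
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged


def unexpected_key_sources(logs, baseline):
    """Return sorted (api_key, ip) pairs where a key was used from an IP outside its baseline."""
    hits = set()
    for _ts, _method, _endpoint, _status, key, ip in logs:
        if key is not None and ip not in baseline.get(key, set()):
            hits.add((key, ip))
    return sorted(hits)
```

Tune `threshold` and `window` against your documented normal usage; a single stray 401 from a known address (the 10:45 row) stays below the threshold.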

Debugging Integration Issues

Consistent 400 Errors:

  • Review request format and parameters
  • Check API documentation for correct structure
  • Validate JSON payloads

Intermittent 429 Errors:

  • Rate limit being hit
  • Implement exponential backoff
  • Distribute load across multiple keys

404 Errors:

  • Verify endpoint URL is correct
  • Check API version in URL
  • Ensure resource IDs exist

Security Monitoring

Best Practices

Regular Reviews:

  • Review logs weekly for anomalies
  • Set up alerts for suspicious patterns (Enterprise)
  • Document normal usage patterns

Key Rotation:

  • Rotate API keys every 90 days
  • Monitor old key usage after rotation
  • Revoke keys showing no activity

Access Control:

  • Limit API key creation to admins only
  • Review who has access to API keys
  • Use separate keys per team/service

Incident Response:

  1. Identify suspicious activity in logs
  2. Immediately revoke compromised key
  3. Create new API key with different name
  4. Update affected services
  5. Review logs for extent of breach
  6. Document incident and response

Suspected Breach? If you suspect API key compromise, revoke the key immediately and contact support.

