GET /api/admin/audit
Audit Logs
curl --request GET \
  --url https://api.example.com/api/admin/audit \
  --header 'Authorization: <authorization>'
{
  "logs": [
    {
      "id": 123,
      "userId": 123,
      "action": "<string>",
      "timestamp": "<string>",
      "user": {
        "id": 123,
        "name": "<string>",
        "email": "<string>",
        "role": "<string>"
      }
    }
  ],
  "error": "<string>"
}

Overview

Retrieve audit logs for all administrative actions performed in the system. This endpoint provides a complete audit trail of user activities for compliance and security monitoring.

Authentication

Authorization header (string, required): Bearer token for authentication. Must be a valid JWT token for a user with ADMIN role.

Authorization

This endpoint requires the ADMIN role. Users with PATIENT or DOCTOR roles will receive a 403 Forbidden response.

Response

logs (array): Array of audit log entries. Each entry contains:
  • id (integer): Unique audit log entry identifier
  • userId (integer): ID of the user who performed the action
  • action (string): Description of the action performed. Examples:
      • Admin crear bloque de tiempo
      • Admin listar reservas
      • Admin listar usuarios
      • Admin obtener usuario
      • Admin actualizar usuario
      • Admin cambiar estado usuario
      • Admin listar auditoría
  • timestamp (string): ISO 8601 timestamp when the action was performed
  • user (object): User object containing information about who performed the action
      • id (integer): User ID
      • name (string): User’s full name
      • email (string): User’s email address
      • role (string): User’s role in the system

Example Request

curl -X GET https://api.example.com/api/admin/audit \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Example Response

[
  {
    "id": 1,
    "userId": 3,
    "action": "Admin listar usuarios",
    "timestamp": "2024-03-03T10:30:00.000Z",
    "user": {
      "id": 3,
      "name": "Admin User",
      "email": "admin@hospital.com",
      "role": "ADMIN"
    }
  },
  {
    "id": 2,
    "userId": 3,
    "action": "Admin crear bloque de tiempo",
    "timestamp": "2024-03-03T11:15:00.000Z",
    "user": {
      "id": 3,
      "name": "Admin User",
      "email": "admin@hospital.com",
      "role": "ADMIN"
    }
  },
  {
    "id": 3,
    "userId": 3,
    "action": "Admin actualizar usuario",
    "timestamp": "2024-03-03T14:20:00.000Z",
    "user": {
      "id": 3,
      "name": "Admin User",
      "email": "admin@hospital.com",
      "role": "ADMIN"
    }
  },
  {
    "id": 4,
    "userId": 3,
    "action": "Admin cambiar estado usuario",
    "timestamp": "2024-03-03T15:45:00.000Z",
    "user": {
      "id": 3,
      "name": "Admin User",
      "email": "admin@hospital.com",
      "role": "ADMIN"
    }
  },
  {
    "id": 5,
    "userId": 3,
    "action": "Admin listar auditoría",
    "timestamp": "2024-03-03T16:00:00.000Z",
    "user": {
      "id": 3,
      "name": "Admin User",
      "email": "admin@hospital.com",
      "role": "ADMIN"
    }
  }
]

Error Responses

Every error response carries a single field, error (string): Error message describing what went wrong.

403 Forbidden

Returned when the authenticated user does not have the ADMIN role.
{
  "error": "Access denied"
}

401 Unauthorized

Returned when the Authorization header is missing or contains an invalid token.
{
  "error": "Unauthorized"
}

500 Internal Server Error

Returned when a server error occurs while fetching audit logs.
{
  "error": "Error fetching audit logs"
}

Audit Actions

The following actions are automatically logged in the audit system:
  • Admin crear bloque de tiempo - Time block creation
  • Admin listar reservas - Listing all reservations
  • Admin listar usuarios - Listing all users
  • Admin obtener usuario - Viewing specific user details
  • Admin actualizar usuario - Updating user information
  • Admin cambiar estado usuario - Changing user status (active/suspended)
  • Admin listar auditoría - Viewing audit logs
All admin operations are automatically tracked. Each request to an admin endpoint creates an audit log entry with the associated action description.
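The following is an added example, not the project's own code, showing one way the authorization rules above (401 without a verified token, 403 for any role other than ADMIN) and the one-entry-per-admin-request audit behaviour can be composed. It assumes an upstream step has already verified the Bearer JWT and attached the user as req.user, and it replaces the Prisma client with an in-memory store that offers create() and findMany(); the route for listing the audit trail is the page's own GET /api/admin/audit, the DOCTOR user is constructed.

```javascript
// Added example, not the project's own code: a framework-agnostic sketch of the
// authorization and auto-audit behaviour this page describes. Assumptions: an
// upstream step has already verified the Bearer JWT and attached req.user; the
// Prisma client is replaced by an in-memory store exposing create()/findMany().

// Stand-in for prisma.auditLog (assumption, so the example runs offline).
function createAuditStore() {
  const rows = [];
  return {
    create({ data }) {
      // Mirrors the AuditLog model: autoincrement id, timestamp defaulting to now().
      const row = { id: rows.length + 1, timestamp: new Date().toISOString(), ...data };
      rows.push(row);
      return row;
    },
    findMany() {
      return rows.map((r) => ({ ...r }));
    },
  };
}

// Decide access exactly as the page documents: no verified user -> 401,
// any role other than ADMIN -> 403. Returns null when the request may proceed.
function authorize(req) {
  if (!req.user) return { status: 401, body: { error: 'Unauthorized' } };
  if (req.user.role !== 'ADMIN') return { status: 403, body: { error: 'Access denied' } };
  return null;
}

// Wrap an admin handler so each authorized request writes one AuditLog row
// before the handler runs. Denied requests are not written here (a design
// choice of this example; the page only shows entries for performed actions).
function withAudit(store, action, handler) {
  return (req) => {
    const denied = authorize(req);
    if (denied) return denied;
    store.create({ data: { userId: req.user.id, action } });
    return handler(req, store);
  };
}

// GET /api/admin/audit: reading the audit trail is itself audited as
// "Admin listar auditoría", so the caller sees their own access in the result.
function buildAuditEndpoint(store) {
  return withAudit(store, 'Admin listar auditoría', (_req, db) => ({
    status: 200,
    body: { logs: db.findMany() },
  }));
}

// Drive the pipeline with one request per documented outcome.
function demo() {
  const store = createAuditStore();
  const listAudit = buildAuditEndpoint(store);
  const admin = { id: 3, name: 'Admin User', email: 'admin@hospital.com', role: 'ADMIN' };
  // Constructed user with a non-admin role.
  const doctor = { id: 7, name: 'Dr Example', email: 'doctor@hospital.com', role: 'DOCTOR' };
  return {
    forbidden: listAudit({ user: doctor }), // 403, nothing recorded
    unauthorized: listAudit({}),            // 401, nothing recorded
    ok: listAudit({ user: admin }),         // 200, exactly one entry so far
    rows: store.findMany(),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The ordering inside withAudit is the point worth copying: the audit row is written before the handler runs, so a handler that throws still leaves a record of the attempt, and a successful read of the trail always contains the entry for that read.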

Database Schema

Audit logs are stored with the following structure (from prisma/schema.prisma:70-77):
model AuditLog {
  id        Int      @id @default(autoincrement())
  userId    Int
  action    String
  timestamp DateTime @default(now())

  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
}

Use Cases

  • Compliance Monitoring - Track all administrative changes for regulatory compliance
  • Security Audits - Review suspicious activities and access patterns
  • User Activity Analysis - Understand admin workflow and system usage
  • Incident Investigation - Trace actions leading to specific events or issues
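As an added example (not part of the page or the project), the script below performs the kind of offline review the Security Audits and Incident Investigation use cases describe, run over the audit entries this endpoint returns. Entries 1 to 5 are taken from the Example Response above; entries with id 6 and up are constructed here to exercise each check, and the 08:00 to 18:00 UTC working window and the five-minute burst threshold are assumptions.

```javascript
// Added example, not part of the page: offline triage of a GET /api/admin/audit
// response. Entries 1-5 are the page's Example Response; entries with id >= 6
// are constructed here to exercise each check and are not real data.
const ADMIN = { id: 3, name: 'Admin User', email: 'admin@hospital.com', role: 'ADMIN' };
const SAMPLE_LOGS = [
  { id: 1, userId: 3, action: 'Admin listar usuarios',        timestamp: '2024-03-03T10:30:00.000Z', user: ADMIN },
  { id: 2, userId: 3, action: 'Admin crear bloque de tiempo', timestamp: '2024-03-03T11:15:00.000Z', user: ADMIN },
  { id: 3, userId: 3, action: 'Admin actualizar usuario',     timestamp: '2024-03-03T14:20:00.000Z', user: ADMIN },
  { id: 4, userId: 3, action: 'Admin cambiar estado usuario', timestamp: '2024-03-03T15:45:00.000Z', user: ADMIN },
  { id: 5, userId: 3, action: 'Admin listar auditoría',       timestamp: '2024-03-03T16:00:00.000Z', user: ADMIN },
  // Constructed: three status changes inside three minutes, in the middle of the night.
  { id: 6, userId: 3, action: 'Admin cambiar estado usuario', timestamp: '2024-03-04T02:10:00.000Z', user: ADMIN },
  { id: 7, userId: 3, action: 'Admin cambiar estado usuario', timestamp: '2024-03-04T02:11:00.000Z', user: ADMIN },
  { id: 8, userId: 3, action: 'Admin cambiar estado usuario', timestamp: '2024-03-04T02:13:00.000Z', user: ADMIN },
  // Constructed: userId and the embedded user object disagree.
  { id: 9, userId: 3, action: 'Admin obtener usuario',        timestamp: '2024-03-04T09:00:00.000Z',
    user: { id: 4, name: 'Second Admin', email: 'second@hospital.com', role: 'ADMIN' } },
];

// Count entries per (userId, action) to see who does what, and how often.
function countByUserAction(logs) {
  const counts = {};
  for (const e of logs) {
    const key = `${e.userId}:${e.action}`;
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

// Sliding window over one action type: report a user who performs it at least
// `threshold` times within `windowMs`. One finding per user is enough for triage.
function findBursts(logs, action, windowMs, threshold) {
  const byUser = {};
  for (const e of logs) {
    if (e.action !== action) continue;
    (byUser[e.userId] = byUser[e.userId] || []).push(Date.parse(e.timestamp));
  }
  const bursts = [];
  for (const [userId, times] of Object.entries(byUser)) {
    times.sort((a, b) => a - b);
    let start = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowMs) start++;
      if (end - start + 1 >= threshold) {
        bursts.push({ userId: Number(userId), action, count: end - start + 1,
          from: new Date(times[start]).toISOString(), to: new Date(times[end]).toISOString() });
        break;
      }
    }
  }
  return bursts;
}

// Entries outside a UTC working window; the hours are an assumption for the example.
function findOffHours(logs, openHourUtc = 8, closeHourUtc = 18) {
  return logs
    .filter((e) => { const h = new Date(e.timestamp).getUTCHours(); return h < openHourUtc || h >= closeHourUtc; })
    .map((e) => e.id);
}

// Consistency check on the response itself: userId must match the embedded user.id.
function findActorMismatch(logs) {
  return logs.filter((e) => !e.user || e.user.id !== e.userId).map((e) => e.id);
}

// Run every check and return one report object.
function triage(logs) {
  return {
    counts: countByUserAction(logs),
    bursts: findBursts(logs, 'Admin cambiar estado usuario', 5 * 60 * 1000, 3),
    offHours: findOffHours(logs),
    actorMismatch: findActorMismatch(logs),
  };
}

console.log(JSON.stringify(triage(SAMPLE_LOGS), null, 2));
```

The actor-mismatch check exists because the response carries the actor twice (userId and user.id); with the Cascade delete in the schema above, a deleted user also takes their audit rows with them, so a reviewer who needs the trail to survive account removal should export it regularly rather than rely on the live table alone.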
