Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt

Use this file to discover all available pages before exploring further.

The Audit Log is OwnPay’s built-in compliance and security trail. Every significant action taken by a staff member or the system — from a successful login to a gateway configuration change — is recorded here as an immutable, timestamped entry. Administrators can use the audit log to investigate suspicious activity, attribute configuration changes to specific users, and satisfy internal or external compliance requirements. Entries cannot be modified or deleted through the admin interface, preserving the integrity of the historical record. In the OwnPay admin dashboard, expand the REPORTS & FINANCE section in the left sidebar and click Audit Log. The activity log table loads, showing the most recent entries first.

What Gets Recorded

OwnPay records audit entries for all critical administrative events. Each entry captures the action tag, the user who performed it, the target entity, the timestamp, and the originating IP address. Examples of recorded action tags include login.success, login.failed, gateway.created, gateway.updated, brand.updated, and settings.saved.

Audit Log Columns

Each entry in the audit log table provides the following fields:
ColumnDescription
TimeThe exact date and time the event occurred (month, day, and time displayed in the brand’s configured timezone).
UserThe name of the staff member or system actor who triggered the event (e.g. Admin User, System).
ActionThe event identifier tag (e.g. gateway.created, login.failed, brand.updated).
EntityThe target object affected by the action (e.g. manual_gateway #2, user #1, merchant #3).
IPThe network address from which the request originated.

Using the Audit Log for Compliance Reviews

The audit log is the primary tool for two important compliance use cases:

Investigating Unauthorised Access Attempts

  1. Filter the Action column to show login.failed entries.
  2. Examine the IP column for repeated failures from the same address.
  3. If a single IP shows multiple failed attempts in a short window, consider blocking or rate-limiting that address at your server firewall to prevent brute-force attacks.

Attributing Configuration Changes

When a gateway stops working, a brand’s colours change unexpectedly, or a setting reverts without explanation:
  1. Filter the Action column for the relevant event tag (e.g. gateway.updated, brand.updated, or settings.saved).
  2. Identify the Time entry closest to when the issue was first observed.
  3. Check the User column to determine which staff member made the change.
  4. Coordinate with that team member to understand and reverse any unintended modifications.
Cross-reference Audit Log timestamps with the Reports page to correlate revenue drops or spikes with specific configuration changes. For example, a sudden drop in completed transactions after a gateway.updated entry is a strong indicator of a credential or status change.

Audit Log Data Retention

Audit entries are written to the op_audit_logs database table and are immutable from the admin portal — no staff member can edit or delete individual entries through the interface. In production environments, a scheduled cron task should archive entries older than 90 days to a secondary storage location to manage database growth while preserving compliance records.
Audit log entries are scoped by brand. Staff members can only see log entries that belong to their assigned brand (merchant_id). Super-administrators can see entries across all brands. This scoping prevents cross-brand data exposure in multi-tenant environments.
Never disable the audit logging system, even temporarily for maintenance purposes. Audit logs are a mandatory component for security compliance. Gaps in the log history can undermine investigation timelines and may violate regulatory requirements if you process payments subject to financial auditing standards.

Build docs developers (and LLMs) love