Auditing your Redox platform

Last updated: Jul 22, 2025

PRODUCT OWNER

HCO

HEALTH TECH VENDOR

For any organization handling sensitive data, maintaining a clear and comprehensive audit trail is not just a best practice—it’s often a requirement for security compliance (like HIPAA and SOC 2). Our audit events provide a complete record of all significant actions taken within your Redox organization.

Why use auditing

Answer "who did what, and when?": Securely log all user activity, from viewing a log containing PHI to changing a user’s permissions.
Monitor for security risks: Proactively track events like failed login attempts or unauthorized access to confidential data.
Troubleshoot issues: See a step-by-step history of configuration changes to understand how and when a problem occurred.
Automate compliance: Use the Redox Platform API to programmatically pull audit events into your own security and compliance monitoring tools. Review the Get audit events spec.

Who can use auditing

Auditing is an advanced feature. Once you’ve upgraded your plan to include this advanced feature, auditing is available to Redox organization owners.

What events can you audit

Our auditing feature tracks two major categories of events:

User activity: An action a user takes that could affect your organization’s configuration or assets.
User access: An action a user takes related to user accounts and permissions.

Confidential data in audit events

Keep in mind that audit events may contain confidential data like personal health information (PHI), especially when viewing log payloads.

User activity events

For example, you can track who:

creates, updates, or deletes any connectivity settings (e.g., OAuth API keys, sources, or destinations);
views or modifies any data operations (e.g., translation sets, filters, config modifiers); and
views or searches logs, as well as runs log inspector.

Technical descriptions of user activity events

Review each available audit event and what they mean.

Audit event	Description
log-payload-viewed	Describes who viewed which logs and when. Learn about logs.
log-search	Describes who searched for which logs, including metadata and payloads. Learn how to search logs.
log-inspected	Describes any time a user runs log inspector to test or troubleshoot a log. Learn about log inspector.
oauth2-api-key-operation	Indicates when a user creates, updates, or deletes an OAuth API key. Learn about authenticating Redox APIs.
source-operation	Indicates when a user creates, updates, or deletes a source. For legacy API key users: This audit event also applies to actions taken on legacy API keys. This is because there’s a 1:1 relationship between sources and legacy API keys. Learn about authenticating and sending data via Redox.
destination-operation	Indicates when a user creates, updates, or deletes a destination configured to receive data within a Redox organization. Learn about receiving data from Redox.
auth-credential-viewed	Describes who viewed which auth credential and when. Learn about auth credentials.
auth-credential-operation	Indicates when a user creates, updates, or deletes an auth credential in a Redox organization. Learn about auth credentials.
customer-filter-viewed	Describes who viewed which filter and when. Learn about filters.
customer-filter-operation	Indicates when a user creates, updates, or deletes a filter for a subscription in a Redox organization. Learn about filters.
translation-set-viewed	Describes who viewed which translation set and when. Learn about translation sets.
translation-set-operation	Indicates when a user creates, updates, or deletes a translation set within a Redox organization. Learn about translation sets.
translation-set-link-viewed	Describes who viewed which translation set link and when. Learn about translation sets.
translation-set-link-operation	Indicates when a user creates, updates, or deletes a translation set link within a Redox organization. Learn about translation sets.
value-set-viewed	Describes who viewed which value set and when. Learn about value sets.
value-set-operation	Indicates when a user creates, updates, or deletes a value set within a Redox organization. Learn about value sets.
configurations-operation	Describes who viewed a Redox base config (within log inspector) and when. Learn about Redox base configs.
configuration-modifier-viewed	Describes who viewed which config modifier(s) and when. Learn about config modifiers.
configuration-modifier-operation	Indicates when a user creates, updates, or deletes a config modifier within a Redox organization. Learn about config modifiers.
configuration-modifier-link-viewed	Describes who viewed which config modifier link(s) and when. Learn about config modifiers.
configuration-modifier-link-operation	Indicates when a user creates, updates, or deletes a config modifier link within a Redox organization. Learn about config modifiers.
customer-alert-viewed	Describes who viewed which traffic alert rule and when. Learn about alert rules.
customer-alert-operation	Indicates when a user creates, updates, or deletes a traffic alert rule within a Redox organization. Learn about alert rules.
customer-alert-link-viewed	Describes who viewed which traffic alert rule link(s) and when. Learn about alert rules.
customer-alert-link-operation	Indicates when a user creates, updates, or deletes a traffic alert rule link within a Redox organization. Learn about alert rules.

User access events

For example, you can track when a user:

logs in or switches between Redox organizations;
invites a new user to join the organization; and
changes another user’s role assignment.

Technical descriptions of user access events

Audit event	Description
organization-loaded	Describes any time a user opens (i.e., loads) a Redox organization. This could be when a user automatically logs in to an organization or when a user switches to a different organization. Essentially, this is when an organization’s details are loaded for any reason, whether in the Redox dashboard or via API.
user-invited	Shows when a user is invited to join a Redox organization. Learn how to add a user to an organization.
user-joined	Shows when a new user accepts an invitation to join a Redox organization.
user-org-role-changed	Shows when an organization owner updates their own or other users’ role assignments to perform functions within a Redox organization. Depending on the role assignment, a user’s permissions could be elevated or lowered after this event. Learn about user roles.
user-removed	Shows when an organization owner removes a user’s role assignment within a given organization. Without an organization role, a user has zero access to the given organization, meaning they won’t even be able to see that it exists.
user-env-role-changed	Shows when an organization owner or admin updates their own or other users’ role assignments to perform functions within a given environment. Depending on the role assignment, a user’s permissions could be elevated or lowered after this event. Learn about user roles.
user-env-role-removed	Shows when an organization owner or admin removes a user’s role assignment within a given environment. Without an environment role, a user has zero access to the given environment, meaning they won’t even be able to see that it exists. Learn about user roles.

Audit event statuses

When you review audit events, they’ll have an associated status, which could be any of the following:

Audit event status	Description
attempted	A user tried to perform a given action in a Redox organization, but we’re not sure how it turned out yet. This is an interim state, and it could change to any of the other statuses to show the terminal state.
unauthorized	A user was logged in to a Redox organization but didn’t have the correct role assignment to complete the action.
unauthenticated	A user wasn’t logged in to a Redox organization when trying to complete the action.
failed	A user tried to complete an action but wasn’t successful for some reason.
successful	A user tried to complete an action and was successful.

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.