Activity API
The Activity API exposes the audit log for your project — a reverse-chronological feed of every significant action taken on jobs, alerts, and recurring schedules. The dashboard's Activity Feed is powered by this endpoint.
A note on terminology. "Audit log" (the database table
AuditLogs), "activity feed" (the UI surface), and "activity API" (this endpoint) describe the same underlying data —AuditLogrows tagged with anActivityKindenum value. The endpoint is named/activitybecause that's what the dashboard surface is called; the data is the audit log. Bulk export of the same rows for compliance purposes is available viaGET /flare/v1/projects/{projectId}/audit-log/export.
Base URL: https://api.zeridion.com/flare/v1
All endpoints require Bearer token authentication and are subject to rate limits.
GET /flare/v1/activity
List recent activity events for the authenticated project, newest first.
Request
GET /flare/v1/activity?limit=20
Authorization: Bearer <api_key>
Query parameters
| Param | Type | Default | Description |
|---|---|---|---|
limit | integer | 20 | Number of results per page. Clamped to 1–100. |
cursor | string | — | Opaque cursor from a previous response's next_cursor. Omit for the first page. |
Response
200 OK
{
"data": [
{
"id": "01JAXBKM3N4P5Q6R7S8T9UVWXY",
"kind": "job_created",
"target_type": "job",
"target_id": "job_01HYX3K7M8N9P2Q4R5S6T7U8V9",
"summary": "Job enqueued: email.send",
"metadata": "{\"queue\":\"email\"}",
"created_at": "2026-03-18T15:30:00Z"
},
{
"id": "01JAXBKM3N4P5Q6R7S8T9UVWXZ",
"kind": "alert_created",
"target_type": "alert",
"target_id": "alert_01HYX3K7M8N9P2Q4R5S6T7U8V0",
"summary": "Alert created: job_failed → ops@example.com",
"metadata": null,
"created_at": "2026-03-17T09:00:00Z"
}
],
"has_more": true,
"next_cursor": "MjAyNi0wMy0xN1QwOTowMDowMForfDB..."
}
Response fields
| Field | Type | Description |
|---|---|---|
data | array | Array of activity items. Sorted by created_at descending with id as tiebreaker. |
has_more | boolean | true if more results exist beyond this page. |
next_cursor | string | Pass as cursor on the next request to get the next page. null when has_more is false. |
Activity item fields
| Field | Type | Description |
|---|---|---|
id | string | Unique audit log entry ID (ULID). |
kind | string | Activity kind. See ActivityKind values below. |
target_type | string | Resource type affected: "job", "alert", or "recurring". |
target_id | string | ID of the affected resource, or null if not applicable. |
summary | string | Human-readable description of the event. |
metadata | string | JSON string with additional context (e.g. queue name), or null. |
created_at | string (ISO 8601) | When the event was recorded. |
ActivityKind values
The full, frozen list of kind wire values is maintained in the lock file docs/api/activity-kinds.json — the source of truth that CI tests pin to the ActivityKind enum. Existing values are stable across releases; new kinds are appended (never renumbered).
The full enumeration today is 28 values: the eight job/alert/recurring kinds tabulated below (the ones most commonly seen in the activity feed) plus api_key_rotated, api_key_revoked, account_deleted, terms_accepted, password_reset, password_changed, admin_rate_limit_override, project_renamed, project_deleted, webhook_created, webhook_updated, webhook_deleted, two_factor_enabled, two_factor_disabled, recovery_codes_regenerated, recovery_code_used, profile_updated, promo_code_applied, retry_policy_updated, team_invite_accepted, audit_log_exported, and jobs_exported.
| Value | Description |
|---|---|
job_created | A job was enqueued via POST /flare/v1/jobs. |
job_cancelled | A job was cancelled via POST /flare/v1/jobs/{id}/cancel. |
job_retried | A job was manually retried via POST /flare/v1/jobs/{id}/retry. |
alert_created | An alert setting was created via POST /flare/v1/alerts. |
alert_updated | An alert setting was updated via PUT /flare/v1/alerts/{id}. |
alert_deleted | An alert setting was deleted via DELETE /flare/v1/alerts/{id}. |
recurring_upserted | A recurring schedule was created or updated. |
recurring_deleted | A recurring schedule was deleted. |
Pagination
The API uses cursor-based pagination. Cursors encode the created_at timestamp and id of the last-seen row, so new events written between pages do not cause rows to be skipped or duplicated.
# Page 1
curl "https://api.zeridion.com/flare/v1/activity?limit=20" \
-H "Authorization: Bearer $API_KEY"
# Page 2 (using next_cursor from page 1)
curl "https://api.zeridion.com/flare/v1/activity?limit=20&cursor=MjAyNi0w..." \
-H "Authorization: Bearer $API_KEY"
Iterate until has_more is false. Cursors are opaque — do not parse or construct them manually.
See also
- Audit Log Export — stream the full audit log as CSV or NDJSON
- Alerts API — configure thresholds that fire from activity-derived metrics
- Errors —
invalid_cursor,rate_limit_exceeded, and other failure modes