Workspace activity history
const url = 'https://your-org.evershell.ai/v1/workspaces/example/activity?order=asc&limit=100';const options = {method: 'GET', headers: {Authorization: 'Bearer <token>'}};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request GET \ --url 'https://your-org.evershell.ai/v1/workspaces/example/activity?order=asc&limit=100' \ --header 'Authorization: Bearer <token>'Permissions: workspace:read or workspace:read:own
(creator-match on :own).
Returns category=activity audit events scoped to this
workspace — task lifecycle, agent events, workspace state
changes. For pure audit (proxy decisions, config changes),
use /workspaces/{id}/audit.
Response shape mirrors /audit: {events, cursor?}. Cursor
is present when the page filled the requested limit; pass it
back as ?cursor=... for the next page (mutually exclusive
with after).
Two paging modes coexist:
cursor— precise composite keyset paging, same encoding as/audit(opaque; don’t construct or parse).after— loose timestamp-only “events since this point”, used by SSE replay flows where the consumer dedups by event id.
Pass one or the other, not both.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”Query Parameters
Section titled “Query Parameters ”Filter to events for one task.
Filter to a single event type (closed-enum).
Loose “events strictly after this timestamp” — useful for
SSE replay where exact resume isn’t needed. Mutually
exclusive with cursor.
Opaque resume pointer returned by a previous page’s
cursor field. Don’t construct or parse — pass it back
verbatim. A malformed cursor returns 400 invalid_cursor.
Responses
Section titled “ Responses ”One page of activity events.
object
object
Real WorkOS user id for session-authenticated requests and
proxy-emitted events; "system" for API-key-authenticated
and WorkOS-webhook-driven events.
Closed-enum — see Audit events for the catalog
Role name; populated only on workspace-scoped events.
Provider name; populated only on workspace-scoped events.
object
object
Per-counter snapshot at commit point (proxy allows).
object
Per-counter “ceiling applied” reasons (proxy allows).
object
Per-transform failure reasons.
object
Credential names whose mint succeeded on the request.
Per-credential mint failure reasons.
object
Opaque resume pointer for the next page. Present only when the page filled the requested limit.
Example
{ "events": [ { "category": "audit", "actor": "control-plane", "decision": "allow", "phase": "request_headers", "policy_type": "http" } ]}Malformed cursor, or after and cursor both supplied.
object
object
Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)
Human-readable summary
Server-generated request id for correlating logs
Optional structured context. Validation errors land at
details.fields as a per-field map.
object
Example
{ "error": { "code": "permission_denied", "message": "caller lacks required scope", "request_id": "7f3a9c2e" }}Resource not found in the caller’s org
object
object
Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)
Human-readable summary
Server-generated request id for correlating logs
Optional structured context. Validation errors land at
details.fields as a per-field map.
object
Example
{ "error": { "code": "permission_denied", "message": "caller lacks required scope", "request_id": "7f3a9c2e" }}