Audit & Token Management

Review recent mutations, revert supported audit records, and manage personal API tokens. Token list responses expose metadata only; plaintext token values are returned once at creation time.

Audit & Revert#

Audit log#

GET/api/audit

List the latest audit records for the user.

Request

optional query from, to as YYYY-MM-DD and entity as TimeEntry, DayComment, or DayFile

Response

up to 200 audit objects with id, entityType, entityId, action, previousData, newData, source, and createdAt

POST/api/audit/:id/revert

Revert one owned audit record where possible.

Request

No request body.

Response

JSON { success: true }; 400 when the revert cannot be applied.

Token Management#

Plaintext tokens are returned only by POST /api/tokens. Store the value immediately; later reads return metadata only.

Tokens#

GET/api/tokens

List API tokens for the authenticated user.

Request

No request body.

Response

array with id, name, lastUsedAt, and createdAt

POST/api/tokens

Create a token and return its plaintext value once.

Request

JSON { name: string }; 1 to 100 chars.

Response

201 with id, name, createdAt, and plaintext token

DELETE/api/tokens/:id

Revoke one owned API token.

Request

No request body.

Response

JSON { success: true }; 404 when missing or not owned.