Release Date
This feature is scheduled for release on June 29.
The audit log is a record of administrative changes made on your NewStore platform. Every time a tracked resource (such as a user, role, API client, identity provider, location, or platform configuration setting) is created, modified, or deleted, an audit event is recorded that captures who made the change, what was changed (including the full before and after state), when it happened, and from where. The audit log is built for compliance, security review, and troubleshooting. You can browse the log in the Omnichannel Manager (NOM) or read it programmatically through the API.
Note
Events are typically available within a few minutes of the operation. The audit log is a queryable record, not a real-time event stream.
What the audit log records
Each event records one of three operations against a tracked resource.
Operation | Description |
|---|---|
CREATED | A new resource was created (an after snapshot is captured) |
UPDATED | An existing resource was changed (before and after snapshots are captured) |
DELETED | A resource was removed (a before snapshot is captured) |
Resource | What changes are tracked |
|---|---|
api-client | Name, scopes, and configuration |
email-configuration | Email delivery and notification settings |
identity-provider | Single sign-on (SSO) identity-provider configuration |
location | Location (store) records |
nom-configuration | Omnichannel Manager (NOM) settings |
provider-rate | Shipping provider rate configuration |
provider-rate-priorities | Priority order applied to shipping provider rates |
role | Name and permission set |
routing-configuration | Order routing and fulfillment routing rules |
shipment-configuration | Shipment handling and shipping settings |
store-configuration | Store-level configuration settings |
style | Style attributes applied to templates |
template | Document template definitions |
tenant-configuration | Tenant-wide platform configuration settings |
user | Profile fields, activation/deactivation, and role assignment |
Higher-level actions map onto these operations: disabling a user or changing assigned roles are both recorded as UPDATED events, with the specific change visible in the before/after snapshot (the active flag or the roles list, respectively).
Accessing the audit log
Access is controlled by a dedicated permission and API scope.
In NOM, the audit log view is gated by the
view audit eventspermission. To open it, your user's role must have this permission assigned.Via the API, the API client you authenticate with must hold the
audit-events:readscope. This scope is read-only and dedicated to the audit log.
Using the audit log in Omnichannel Manager
The audit log view is available in NOM under Tools > Audit Log. It presents events newest-first in a paginated table, with a filter bar for narrowing results by date range, operation, resource, resource ID, or actor.
Expand any row to see the full detail of an event: its metadata (who made the change, what was affected, when, and the originating request) alongside a field-by-field view of what changed, with before and after values highlighted.
Reading the audit log via the API
The audit log is also exposed as a read-only REST API that returns events as JSON, most recent first. It supports the same filtering as the NOM view (date range, operation, resource, resource ID, actor ID, and actor name) and uses cursor-based pagination with a page size of 100 records, so you can stream large result sets without skipping or duplicating events. Authenticate with an API client that holds the audit-events:read scope.
The API returns entries from the last 12 months. To retrieve audit data from before that window, contact NewStore support.
Note
The full API reference, covering endpoint paths, query parameters, the complete event schema, and response examples, is published separately.
Before and after snapshots
Every change carries a snapshot of the resource's state immediately before and immediately after the operation. Comparing the two shows exactly what changed: a user deactivation appears as the active flag flipping from true to false; a role assignment change appears as a difference in the roles list. The before snapshot is absent on CREATED events and the after snapshot is absent on DELETED events.
Note
The contents of the before/after snapshots are not covered by the API's versioning and compatibility guarantees. Their shape mirrors the underlying resource and may change without a breaking-change notice. Use them for human review and comparison; do not build strict schema validation against them.