Core Concepts
Audit Logging
What Cresora logs, who can access logs, and how long they're retained.
Cresora maintains a comprehensive audit log of all API activity and Partner Portal actions for compliance, debugging, and dispute resolution.
What gets logged
| Event type | Examples |
|---|---|
| API requests | Every authenticated API call: method, endpoint, response status, timestamp |
| Payment actions | Created, captured, voided, refunded — with actor (API key or portal user) |
| Merchant lifecycle | Created, approved, suspended, closed |
| User actions | Portal logins, key rotations, merchant submissions |
| Webhook deliveries | Each delivery attempt, response status, retry count |
Log retention
| Log type | Retention |
|---|---|
| API request logs | 90 days |
| Payment audit trail | 7 years (PCI DSS requirement) |
| Portal user activity | 1 year |
| Webhook delivery logs | 30 days |
🔒PCI DSS
Payment audit logs are retained for 7 years per PCI DSS Requirement 10. Cresora manages this retention automatically — you do not need to archive them yourself.
Accessing logs
Audit logs are available in the Partner Portal under Reporting → Audit Log. You can filter by:
- Date range
- Actor (API key or portal user)
- Event type
- Merchant ID
Logs are also accessible via the Reporting API for programmatic access. See Reporting API →.
Log format
Each log entry includes:
{
"id": "log_xxxxxxxxxxxx",
"timestamp": "2026-05-29T10:00:00Z",
"actor": { "type": "api_key", "id": "key_xxxx", "prefix": "csk_test_" },
"action": "payment.create",
"resource": { "type": "payment", "id": "pay_xxxxxxxxxxxx" },
"result": "success",
"merchant_id": "mrch_xxxxxxxxxx",
"ip_address": "[redacted in API responses]"
}