Skip to main content
The Audit Log records every meaningful action taken in your AppointFlow business. It’s your “who did this?” answer when something looks off.

Where to find it

/admin/audit-log — accessible from the sidebar.

What gets logged

Every mutation in the admin dashboard is logged. Examples:
ActionWhat you’ll see
User logs inauth.login — user, timestamp, IP
Booking createdbooking.create — booking ID, customer, service
Booking status changedbooking.update_status — booking ID, old status → new status
Service updatedservice.update — service ID, what fields changed
Business hours savedbusiness_hour.update
Blocked time createdblocked_time.create
Team member inviteduser.create — invitee email
Payment receivedpayment.completed — booking ID, amount, provider
Settings changedsettings.update — what fields changed
Read-only actions (viewing the booking list, opening the calendar) are not logged — only mutations.

Each log entry shows

  • When — timestamp in your local timezone
  • Who — email of the team member (or “system” for automated jobs)
  • Action — like booking.update_status
  • Entity — the type of thing affected (Booking, Service, etc.)
  • Entity ID — the specific record’s ID (clickable to jump to it)
  • Summary — human-readable description (e.g., “Changed booking #abc12 from PENDING to CONFIRMED”)
  • Metadata — JSON details for power users (the specific field changes, IP address, etc.)

Filtering

Use the filter bar to narrow by:
  • User — show only actions by a specific team member
  • Action type — show only booking.* or only settings.*
  • Date range
  • Entity — show every action affecting a specific booking, customer, or service

Common investigations

  • “Who cancelled this booking?” Filter by Action: booking.update_status and the booking ID — you’ll see the team member who cancelled and when.
  • “Why did our pricing change?” Filter by Entity: Service and the service in question.
  • “Did anyone update our payment keys?” Filter by Action: payment_setting.update.

Retention

Audit logs are kept for 2 years by default. Older entries are archived and not visible in the UI, but can be retrieved on request for compliance purposes.

What about deletes?

Most “deletes” in AppointFlow are actually soft deletes (e.g., a deactivated service stays in the database). The audit log records both — you can see “service deactivated” as a service.update event, not a service.delete. True hard deletes (e.g., removing a team member) are logged as user.delete with the removed user’s email preserved in metadata.

Exporting

Click Export at the top-right to download a CSV of the current filtered view. Useful for compliance reports or sharing with your accountant.