diff --git a/docs.json b/docs.json
index efa888c..13ab500 100644
--- a/docs.json
+++ b/docs.json
@@ -327,7 +327,8 @@
},
"guides/dashboard/travel-rule",
"guides/dashboard/admin/approvals",
- "guides/dashboard/admin/reports"
+ "guides/dashboard/admin/reports",
+ "guides/dashboard/admin/audit-log"
]
},
{
diff --git a/guides/dashboard/admin/audit-log.mdx b/guides/dashboard/admin/audit-log.mdx
new file mode 100644
index 0000000..df27374
--- /dev/null
+++ b/guides/dashboard/admin/audit-log.mdx
@@ -0,0 +1,78 @@
+---
+title: 'User Audit Logs'
+description: Track and review every user action within your Entity with full request/response visibility.
+---
+
+Go to [Admin > User Audit Logs](https://dashboard.paxos.com/admin/audit-log) to view a comprehensive record of all user actions performed within your Entity.
+
+User Audit Logs provide full visibility into user activity, helping you maintain security oversight, debug issues, and meet compliance requirements.
+
+## Key features
+
+- **Full activity history** — Every user action (creates, updates, deletes) is recorded with who did it, when, and from what IP address.
+- **Request/response visibility** — View the exact payload sent and the response returned for any action, useful for debugging or compliance review.
+- **Sensitive data redaction** — Passwords, tokens, keys, and PII are automatically stripped before storage so they're never exposed in logs.
+
+{/* Screenshot: User Audit Logs overview page showing the main log table */}
+
+## Viewing audit logs
+
+The User Audit Logs display a chronological list of all user actions including:
+
+- API requests (creates, updates, deletes)
+- User sign-ins and authentication events
+- Role and permission changes
+- Team member invitations and removals
+- API credential creation and deletion
+- Configuration changes
+- Transaction approvals and rejections
+
+Each log entry includes:
+
+| Field | Description |
+|-------|-------------|
+| Timestamp | Date and time the action occurred (UTC). |
+| User | The user who performed the action. |
+| IP Address | The IP address from which the action originated. |
+| HTTP Method | The request method (GET, POST, PUT, PATCH, DELETE). |
+| API Path | The endpoint that was called. |
+| Status Code | The HTTP response status code. |
+| Domain | The category of the action (e.g., Transfers, Webhooks). |
+
+{/* Screenshot: Expanded log entry showing request and response details */}
+
+## Filtering audit logs
+
+Use the filters at the top of the page to narrow results. You can combine multiple filters to find specific activity.
+
+### Available filters
+
+| Filter | Description |
+|--------|-------------|
+| **User** | Filter by one or more specific users. |
+| **HTTP Method** | Filter by request method: GET, POST, PUT, PATCH, or DELETE. |
+| **API Path** | Substring search on the endpoint path (e.g., "webhooks"). |
+| **Domain** | Filter by category (e.g., Transfers, Webhooks, Profiles). |
+| **Status Code** | Filter by response status range: 2xx successes, 4xx client errors, 5xx server errors. |
+| **Time Range** | Filter by before, after, or between specific dates. |
+
+{/* Screenshot: Filter panel with multiple filters applied */}
+
+## Viewing request and response details
+
+Click on any log entry to expand it and view:
+
+- **Request payload** — The exact data sent in the API request.
+- **Response payload** — The full response returned by the system.
+
+This is useful for debugging failed requests or reviewing exactly what data was submitted for compliance purposes.
+
+
+Sensitive data such as passwords, API keys, tokens, and personally identifiable information (PII) is automatically redacted from stored logs.
+
+
+{/* Screenshot: Expanded entry showing redacted sensitive fields in request/response */}
+
+
+Regular audit log reviews help identify unusual activity and ensure compliance with your organization's security policies.
+