Cursor

Cursor Audit Logs

Ingests audit log events from Cursor, capturing all team administrative actions and security-relevant activities.

Sync Type: Incremental

Requirements

A Cursor team account with admin access.
An Admin API Key to authenticate requests. Only team administrators can create keys. Follow these steps:
1. Navigate to cursor.com/dashboard.
2. Go to Settings → Advanced → Admin API Keys.
3. Create a new API key. The key will be displayed once — save it securely as it cannot be retrieved later.
4. Keys follow the format crsr_ followed by 64 characters.

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Description
Backfill Start Time	string	No	Date to start fetching data from (ISO 8601 / RFC 3339).

Secrets

Secret	Type	Required	Description
API Key	string	Yes	Cursor API key used for authentication (used as HTTP Basic Auth username with an empty password).

Connector Limitations

The API accepts a maximum time-range window of 30 days per request.
Maximum of 500 records per page.
This connector is subject to Cursor's API rate limits (20 requests per minute).

Troubleshooting

Common Issues

1. Authentication Failures (401 Unauthorized)

Symptoms: Error message indicating authentication failure or invalid credentials when connecting

Causes:

API key is incorrect or has been revoked
API key was not copied correctly (e.g., missing crsr_ prefix or truncated)
API key was generated from the wrong location (must use Admin API Keys, not Analytics or Cloud Agents keys)
Extra whitespace in the API key value

Solutions:

Verify the API key starts with crsr_ followed by 64 characters
Navigate to cursor.com/dashboard → Settings → Advanced → Admin API Keys and confirm the key exists and is active
Regenerate the key if it may have been compromised; keys are only shown once at creation
Ensure no leading or trailing spaces were included when entering the key

2. Permission Denied (403 Forbidden)

Symptoms: Request returns 403 Forbidden; may indicate Enterprise-only feature access

Causes:

The API key was generated by a non-admin user
The team is not on an Enterprise plan (audit logs may require Enterprise)
The key scope does not include admin:*

Solutions:

Confirm the key was created by a team Administrator under Settings → Advanced → Admin API Keys
Verify the team's subscription includes audit log access
All Admin API keys require admin:* scope; read-only scopes are not sufficient

3. Rate Limit Exceeded (429 Too Many Requests)

Symptoms: Requests fail with 429 Too Many Requests during sync

Causes:

The connector is exceeding the 20 requests per minute limit for the Admin API
Burst of requests during initial backfill over a large date range

Solutions:

The connector respects Cursor's rate limits automatically; retries use exponential backoff
If hitting limits frequently, reduce the backfill window by setting a more recent Backfill Start Time
Avoid running multiple pipelines using the same API key simultaneously

4. No Audit Logs Appearing

Symptoms: Connector runs successfully but returns no data

Causes:

No audit events occurred in the specified time range
Backfill Start Time is set to a time with no activity
Audit logging may not be enabled or available for the team's plan

Solutions:

Verify that administrative actions have occurred in the Cursor team during the target period
Confirm the team plan includes audit log access

5. Invalid Backfill Start Time

Symptoms: Validation error when saving the input configuration

Causes:

Date is not in ISO 8601 / RFC 3339 format
Timestamp is set in the future
Invalid date/time values

Solutions:

Use RFC 3339 format: 2024-01-01T00:00:00Z (UTC) or 2024-01-01T00:00:00-05:00 (with offset)
Ensure the date is not in the future
The connector splits time ranges into 30-day windows automatically; no need to manually limit the range

Sample Record


Code
{
  "event_id": "evt_abc123def456",
  "timestamp": "2024-05-15T10:30:45.123456Z",
  "ip_address": "192.0.2.1",
  "user_email": "user@example.com",
  "event_type": "add_user",
  "event_data": {
    "email": "newuser@example.com",
    "method": "manual",
    "ip_address": "192.0.2.1",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
  }
}

Last modified on May 19, 2026

Vulnerabilities Customer Event Data

Cursor

Cursor Audit Logs

Ingests audit log events from Cursor, capturing all team administrative actions and security-relevant activities.

Sync Type: Incremental

Requirements

A Cursor team account with admin access.
An Admin API Key to authenticate requests. Only team administrators can create keys. Follow these steps:
1. Navigate to cursor.com/dashboard.
2. Go to Settings → Advanced → Admin API Keys.
3. Create a new API key. The key will be displayed once — save it securely as it cannot be retrieved later.
4. Keys follow the format crsr_ followed by 64 characters.

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

Setting	Type	Required	Description
Backfill Start Time	string	No	Date to start fetching data from (ISO 8601 / RFC 3339).

Secrets

Secret	Type	Required	Description
API Key	string	Yes	Cursor API key used for authentication (used as HTTP Basic Auth username with an empty password).

Connector Limitations

The API accepts a maximum time-range window of 30 days per request.
Maximum of 500 records per page.
This connector is subject to Cursor's API rate limits (20 requests per minute).

Troubleshooting

Common Issues

1. Authentication Failures (401 Unauthorized)

Symptoms: Error message indicating authentication failure or invalid credentials when connecting

Causes:

API key is incorrect or has been revoked
API key was not copied correctly (e.g., missing crsr_ prefix or truncated)
API key was generated from the wrong location (must use Admin API Keys, not Analytics or Cloud Agents keys)
Extra whitespace in the API key value

Solutions:

Verify the API key starts with crsr_ followed by 64 characters
Navigate to cursor.com/dashboard → Settings → Advanced → Admin API Keys and confirm the key exists and is active
Regenerate the key if it may have been compromised; keys are only shown once at creation
Ensure no leading or trailing spaces were included when entering the key

2. Permission Denied (403 Forbidden)

Symptoms: Request returns 403 Forbidden; may indicate Enterprise-only feature access

Causes:

The API key was generated by a non-admin user
The team is not on an Enterprise plan (audit logs may require Enterprise)
The key scope does not include admin:*

Solutions:

Confirm the key was created by a team Administrator under Settings → Advanced → Admin API Keys
Verify the team's subscription includes audit log access
All Admin API keys require admin:* scope; read-only scopes are not sufficient

3. Rate Limit Exceeded (429 Too Many Requests)

Symptoms: Requests fail with 429 Too Many Requests during sync

Causes:

The connector is exceeding the 20 requests per minute limit for the Admin API
Burst of requests during initial backfill over a large date range

Solutions:

The connector respects Cursor's rate limits automatically; retries use exponential backoff
If hitting limits frequently, reduce the backfill window by setting a more recent Backfill Start Time
Avoid running multiple pipelines using the same API key simultaneously

4. No Audit Logs Appearing

Symptoms: Connector runs successfully but returns no data

Causes:

No audit events occurred in the specified time range
Backfill Start Time is set to a time with no activity
Audit logging may not be enabled or available for the team's plan

Solutions:

Verify that administrative actions have occurred in the Cursor team during the target period
Confirm the team plan includes audit log access

5. Invalid Backfill Start Time

Symptoms: Validation error when saving the input configuration

Causes:

Date is not in ISO 8601 / RFC 3339 format
Timestamp is set in the future
Invalid date/time values

Solutions:

Use RFC 3339 format: 2024-01-01T00:00:00Z (UTC) or 2024-01-01T00:00:00-05:00 (with offset)
Ensure the date is not in the future
The connector splits time ranges into 30-day windows automatically; no need to manually limit the range

Sample Record


Code
{
  "event_id": "evt_abc123def456",
  "timestamp": "2024-05-15T10:30:45.123456Z",
  "ip_address": "192.0.2.1",
  "user_email": "user@example.com",
  "event_type": "add_user",
  "event_data": {
    "email": "newuser@example.com",
    "method": "manual",
    "ip_address": "192.0.2.1",
    "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
  }
}

Last modified on May 19, 2026

Vulnerabilities Customer Event Data

Cursor Audit Logs

Requirements

Configuration

Settings

Secrets

Connector Limitations

Troubleshooting

Common Issues

1. Authentication Failures (401 Unauthorized)

2. Permission Denied (403 Forbidden)

3. Rate Limit Exceeded (429 Too Many Requests)

4. No Audit Logs Appearing

5. Invalid Backfill Start Time

Related Resources

Sample Record

Cursor Audit Logs

Requirements

Configuration

Settings

Secrets

Connector Limitations

Troubleshooting

Common Issues

1. Authentication Failures (401 Unauthorized)

2. Permission Denied (403 Forbidden)

3. Rate Limit Exceeded (429 Too Many Requests)

4. No Audit Logs Appearing

5. Invalid Backfill Start Time

Related Resources

Sample Record