Cursor
Cursor Audit Logs
Ingests audit log events from Cursor, capturing all team administrative actions and security-relevant activities.
Sync Type: Incremental
Requirements
- A Cursor team account with admin access.
- An Admin API Key to authenticate requests. Only team administrators can create keys. Follow these steps:
- Navigate to cursor.com/dashboard.
- Go to Settings → Advanced → Admin API Keys.
- Create a new API key. The key will be displayed once — save it securely as it cannot be retrieved later.
- Keys follow the format
crsr_followed by 64 characters.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
|---|---|---|---|
| Backfill Start Time | string | No | Date to start fetching data from (ISO 8601 / RFC 3339). |
| API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See API Rate Limiting for the field format, limits, and how to choose a value. |
Secrets
| Secret | Type | Required | Description |
|---|---|---|---|
| API Key | string | Yes | Cursor API key used for authentication (used as HTTP Basic Auth username with an empty password). |
Connector Limitations
- The API accepts a maximum time-range window of 30 days per request.
- Maximum of 500 records per page.
- This connector is subject to Cursor's API rate limits (20 requests per minute).
Troubleshooting
Common Issues
1. Authentication Failures (401 Unauthorized)
Symptoms: Error message indicating authentication failure or invalid credentials when connecting
Causes:
- API key is incorrect or has been revoked
- API key was not copied correctly (e.g., missing
crsr_prefix or truncated) - API key was generated from the wrong location (must use Admin API Keys, not Analytics or Cloud Agents keys)
- Extra whitespace in the API key value
Solutions:
- Verify the API key starts with
crsr_followed by 64 characters - Navigate to cursor.com/dashboard → Settings → Advanced → Admin API Keys and confirm the key exists and is active
- Regenerate the key if it may have been compromised; keys are only shown once at creation
- Ensure no leading or trailing spaces were included when entering the key
2. Permission Denied (403 Forbidden)
Symptoms: Request returns 403 Forbidden; may indicate Enterprise-only feature access
Causes:
- The API key was generated by a non-admin user
- The team is not on an Enterprise plan (audit logs may require Enterprise)
- The key scope does not include
admin:*
Solutions:
- Confirm the key was created by a team Administrator under Settings → Advanced → Admin API Keys
- Verify the team's subscription includes audit log access
- All Admin API keys require
admin:*scope; read-only scopes are not sufficient
3. Rate Limit Exceeded (429 Too Many Requests)
Symptoms: Requests fail with 429 Too Many Requests during sync
Causes:
- The connector is exceeding the 20 requests per minute limit for the Admin API
- Burst of requests during initial backfill over a large date range
Solutions:
- The connector respects Cursor's rate limits automatically; retries use exponential backoff
- If hitting limits frequently, reduce the backfill window by setting a more recent Backfill Start Time
- Avoid running multiple pipelines using the same API key simultaneously
4. No Audit Logs Appearing
Symptoms: Connector runs successfully but returns no data
Causes:
- No audit events occurred in the specified time range
Backfill Start Timeis set to a time with no activity- Audit logging may not be enabled or available for the team's plan
Solutions:
- Verify that administrative actions have occurred in the Cursor team during the target period
- Confirm the team plan includes audit log access
5. Invalid Backfill Start Time
Symptoms: Validation error when saving the input configuration
Causes:
- Date is not in ISO 8601 / RFC 3339 format
- Timestamp is set in the future
- Invalid date/time values
Solutions:
- Use RFC 3339 format:
2024-01-01T00:00:00Z(UTC) or2024-01-01T00:00:00-05:00(with offset) - Ensure the date is not in the future
- The connector splits time ranges into 30-day windows automatically; no need to manually limit the range
Related Resources
Sample Record
Code
Last modified on