# Cursor Audit Logs Ingests audit log events from Cursor, capturing all team administrative actions and security-relevant activities. **Sync Type: Incremental** ## Requirements - A Cursor team account with admin access. - An Admin API Key to authenticate requests. Only team administrators can create keys. Follow these steps: 1. Navigate to [cursor.com/dashboard](https://cursor.com/dashboard). 2. Go to **Settings** → **Advanced** → **Admin API Keys**. 3. Create a new API key. The key will be displayed once — save it securely as it cannot be retrieved later. 4. Keys follow the format `crsr_` followed by 64 characters. ## Configuration The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below. ### Settings | Setting | Type | Required | Description | | ------- | ---- | -------- | ----------- | | Backfill Start Time | string | No | Date to start fetching data from (ISO 8601 / RFC 3339). | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | ### Secrets | Secret | Type | Required | Description | | ------ | ---- | -------- | ----------- | | API Key | string | Yes | Cursor API key used for authentication (used as HTTP Basic Auth username with an empty password). | ## Connector Limitations - The API accepts a maximum time-range window of 30 days per request. - Maximum of 500 records per page. - This connector is subject to Cursor's API rate limits (20 requests per minute). ## Troubleshooting ### Common Issues #### 1. Authentication Failures (401 Unauthorized) **Symptoms**: Error message indicating authentication failure or invalid credentials when connecting **Causes**: - API key is incorrect or has been revoked - API key was not copied correctly (e.g., missing `crsr_` prefix or truncated) - API key was generated from the wrong location (must use Admin API Keys, not Analytics or Cloud Agents keys) - Extra whitespace in the API key value **Solutions**: - Verify the API key starts with `crsr_` followed by 64 characters - Navigate to [cursor.com/dashboard](https://cursor.com/dashboard) → **Settings** → **Advanced** → **Admin API Keys** and confirm the key exists and is active - Regenerate the key if it may have been compromised; keys are only shown once at creation - Ensure no leading or trailing spaces were included when entering the key #### 2. Permission Denied (403 Forbidden) **Symptoms**: Request returns 403 Forbidden; may indicate Enterprise-only feature access **Causes**: - The API key was generated by a non-admin user - The team is not on an Enterprise plan (audit logs may require Enterprise) - The key scope does not include `admin:*` **Solutions**: - Confirm the key was created by a team **Administrator** under **Settings** → **Advanced** → **Admin API Keys** - Verify the team's subscription includes audit log access - All Admin API keys require `admin:*` scope; read-only scopes are not sufficient #### 3. Rate Limit Exceeded (429 Too Many Requests) **Symptoms**: Requests fail with `429 Too Many Requests` during sync **Causes**: - The connector is exceeding the 20 requests per minute limit for the Admin API - Burst of requests during initial backfill over a large date range **Solutions**: - The connector respects Cursor's rate limits automatically; retries use exponential backoff - If hitting limits frequently, reduce the backfill window by setting a more recent **Backfill Start Time** - Avoid running multiple pipelines using the same API key simultaneously #### 4. No Audit Logs Appearing **Symptoms**: Connector runs successfully but returns no data **Causes**: - No audit events occurred in the specified time range - `Backfill Start Time` is set to a time with no activity - Audit logging may not be enabled or available for the team's plan **Solutions**: - Verify that administrative actions have occurred in the Cursor team during the target period - Confirm the team plan includes audit log access #### 5. Invalid Backfill Start Time **Symptoms**: Validation error when saving the input configuration **Causes**: - Date is not in ISO 8601 / RFC 3339 format - Timestamp is set in the future - Invalid date/time values **Solutions**: - Use RFC 3339 format: `2024-01-01T00:00:00Z` (UTC) or `2024-01-01T00:00:00-05:00` (with offset) - Ensure the date is not in the future - The connector splits time ranges into 30-day windows automatically; no need to manually limit the range ## Related Resources - [Cursor API Documentation](https://cursor.com/docs/api) - [Cursor API Authentication](https://cursor.com/docs/api#basic-authentication) - [Cursor Admin API - Get Audit Logs](https://cursor.com/docs/account/teams/admin-api#get-audit-logs) ## Sample Record ```json { "event_id": "evt_abc123def456", "timestamp": "2024-05-15T10:30:45.123456Z", "ip_address": "192.0.2.1", "user_email": "user@example.com", "event_type": "add_user", "event_data": { "email": "newuser@example.com", "method": "manual", "ip_address": "192.0.2.1", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" } } ```