Audit and Activity Logging
aprity maintains detailed activity records that serve as an audit trail for documentation generation. This page explains what is logged, how to access audit information, and how to use it for compliance and troubleshooting.
Scan History as Audit Trail
Every scan executed through aprity creates a permanent record in your scan history. Each scan record includes:
| Field | Description |
|---|---|
| Scan ID | Unique identifier for the scan |
| Initiated by | The Salesforce user who launched the scan |
| Timestamp | Date and time the scan was started (UTC) |
| Status | Final status (COMPLETED, COMPLETED_WITH_ERRORS, FAILED) |
| Duration | Total processing time |
| Configuration | Objects selected, output format, language, analysis options |
| Results summary | Number of pages generated, metadata items processed |
This history is accessible from the Scans tab in the aprity app and is visible to both Admin and User permission sets.
For compliance audits, the scan history demonstrates when documentation was generated, what was included, and who initiated each run. Export or screenshot the scan list as evidence of your documentation cadence.
What Is Logged
Scan lifecycle events
aprity tracks every phase of the scan lifecycle:
- Scan creation -- Who created the scan and with what configuration.
- Metadata extraction -- Which metadata types were fetched from the Salesforce org.
- Analysis processing -- How each object and rule was analyzed.
- Documentation generation -- Which output formats were produced.
- Completion or failure -- Final status with error details if applicable.
Feedback activity
Every feedback submission is logged with:
- The user who submitted it.
- The target object and section.
- The feedback kind (correction, rejection, addition, clarification).
- The timestamp of submission.
- The current status (ACTIVE, ARCHIVED, SUPERSEDED).
Connection events
- Registration -- When the org was first registered.
- Connection tests -- Each time an admin tests the JWT connection from Settings.
- Last sync timestamp -- The most recent successful communication between your org and the aprity platform.
What Is NOT Logged
aprity does not log:
- Business data values -- No Account names, Opportunity amounts, or Contact details.
- User credentials -- No passwords, tokens, or session IDs.
- Full metadata content -- Trigger source code and flow definitions are processed but not persisted in logs.
- Individual API request payloads -- Request details are used for HMAC verification but are not stored long-term.
Correlation IDs
Every API call between your Salesforce org and the aprity cloud platform includes a correlation ID in the request and response headers. This correlation ID:
- Uniquely identifies a single request-response cycle.
- Is propagated through all internal processing steps.
- Appears in aprity's server-side logs.
Using correlation IDs for support
If you encounter an error and need to contact support, include the correlation ID in your support request. This allows the aprity support team to trace the exact processing path of your request.
To find the correlation ID:
- If the error is displayed in the aprity UI, the correlation ID may appear in the error message detail.
- For API-level troubleshooting, the correlation ID is in the
X-Correlation-Idresponse header.
Data Retention for Audit Records
Audit records (scan history, feedback entries) follow the same retention policy as your plan:
| Plan | Retention |
|---|---|
| Trial | 14 days |
| Starter | 3 months |
| Professional | 12 months |
| Enterprise | Unlimited |
If your compliance requirements mandate longer retention than your plan provides, download documentation outputs and maintain scan records externally. Consider upgrading to Enterprise for unlimited retention.
Compliance Use Cases
SOC 2 audits
Scan history demonstrates:
- Regular documentation generation cadence.
- Who has access to documentation tools (permission set assignments).
- That metadata access uses certificate-based authentication (JWT Bearer).
Internal change management
Use scan history to:
- Correlate documentation updates with Salesforce deployment dates.
- Verify that documentation was regenerated after major releases.
- Track which objects were documented in each scan.
Regulatory reviews
For regulated industries:
- Business Rule Changelog (Professional and Enterprise) tracks rule changes between scans.
- Generated documentation provides point-in-time snapshots of your Salesforce configuration.
- Feedback entries demonstrate a review and correction process.