Request for method to programmatically pull security event logs
Requesting to have an API endpoint or programmatic way of pulling security event logs (e.g. an org user logs in, if there was a failed login, activity of users, etc.) so they can be ported over into a SIEM.
-
Wade Chandler
commented
It would be good to have the specific user or API key ID used in the action for audit purposes along with the OP's other suggestions. It would be great if these logs could be available as a feed to be consumed by a SIEM as well.
-
Wade Chandler
commented
This being missing is a bit of a security risk, as if a user creates an API key we cannot audit it and understand who performed the action within our organization. Talking to support, they could not tell us which user created an API key.
A user created an API key and then we could not tell who had performed the action, though it was someone who we would have allowed to do it. Were we able to tell it was them, we'd not have needed to contact support. We had to reach out to all our users and figure this out, which made this action overly costly.
A separate facet to this would be the need to access this information in a log feed which could be ingested to a SIEM to allow for general ingestion and automation of alerts and actions. This, along with the information associated with a key, would aid tying Mailgun into broader common security practices and also allow fewer support questions for what may normally be a standard task.
-
Wade Chandler
commented
This is super important and especially so for API key actions. We cannot tell who created an API key and we need to audit such events.
-
Steve
commented
API Access Audit Logs
Please provide audit logging for any and all API calls. Results should include:
- Date/time
- Source IP
- API called
- Account used
- Query header
- Authentication Success/Failure