Audit trail
Every AI request processed by ModelRiver generates a comprehensive audit record:
- Timestamps: Request received, processing start, provider response, and completion times
- Provider details: Which provider and model processed the request, including fallback attempts
- Token counts: Prompt, completion, and total tokens for cost attribution
- Cache metadata: Customer data fields echoed from the request
- Webhook delivery: Status of all webhook delivery attempts
- Timeline events: Complete request lifecycle including retries and callbacks
Log export
Export request logs for external archiving, analytics, or compliance systems:
- Filtered exports: Export logs matching specific date ranges, workflows, or statuses
- Structured format: Exports are available in JSON format for easy ingestion
- SIEM integration: Integrations with SIEM tools are available on request for enterprise plans
Access controls
- Invite-only access: Dashboard access is controlled by project-level invitations
- Per-key isolation: Separate API keys per environment prevent cross-contamination
- Session security: Dashboard sessions use secure, HttpOnly cookies with configurable timeouts
Compliance checklist
| Requirement | ModelRiver support |
|---|---|
| Request audit trail | ✅ Complete lifecycle logging |
| Data encryption at rest | ✅ Provider credentials and sensitive data |
| Data encryption in transit | ✅ TLS 1.2+ for all connections |
| Access control | ✅ Project-level invitations and API keys |
| Data deletion | ✅ On request with confirmation |
| Log export | ✅ JSON export with filtering |
| Webhook signing | ✅ HMAC-SHA256 signature verification |
Least privilege principle
Maintain security by following least privilege:
- Issue dedicated API keys for each service or team
- Use short-lived keys (1-day or 7-day expiration) for development environments
- Revoke keys immediately when team members leave or integrations are decommissioned
- Review active keys periodically in Settings → API Keys
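The periodic review above can be scripted against a key inventory your team maintains. This is an added example, not ModelRiver code or a ModelRiver export format: the inventory fields (`name`, `owner`, `env`, `services`, `created`, `expires`, `last_reviewed`), the finding labels, and the 90-day review interval are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_DEV_LIFETIME = timedelta(days=7)   # from the page: 1-day or 7-day expiration for development
REVIEW_INTERVAL = timedelta(days=90)   # assumption: the page only says "periodically"

# Constructed sample inventory with hypothetical field names.
KEYS = [
    {"name": "billing-svc-prod", "owner": "alice", "env": "production", "services": ["billing"],
     "created": "2025-01-10T00:00:00+00:00", "expires": None, "last_reviewed": "2025-05-20T00:00:00+00:00"},
    {"name": "dev-laptop-bob", "owner": "bob", "env": "development", "services": ["sandbox"],
     "created": "2025-05-01T00:00:00+00:00", "expires": "2025-07-01T00:00:00+00:00", "last_reviewed": "2025-05-01T00:00:00+00:00"},
    {"name": "shared-etl", "owner": "carol", "env": "production", "services": ["etl", "reports"],
     "created": "2024-11-01T00:00:00+00:00", "expires": None, "last_reviewed": None},
    {"name": "dev-ci", "owner": "alice", "env": "development", "services": ["ci"],
     "created": "2025-05-30T00:00:00+00:00", "expires": "2025-06-06T00:00:00+00:00", "last_reviewed": "2025-05-30T00:00:00+00:00"},
]
ACTIVE_MEMBERS = {"alice", "bob"}      # constructed: carol has left the team
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)

def _ts(value):
    """Parse an ISO 8601 timestamp, passing None through."""
    return datetime.fromisoformat(value) if value else None

def audit_keys(keys, active_members, now):
    """Return {key name: [findings]} for keys that break a least-privilege rule."""
    findings = {}
    for key in keys:
        issues = []
        created, expires = _ts(key["created"]), _ts(key.get("expires"))
        reviewed = _ts(key.get("last_reviewed"))
        if len(key["services"]) > 1:                 # one dedicated key per service or team
            issues.append("shared")
        if key["env"] == "development" and (expires is None or expires - created > MAX_DEV_LIFETIME):
            issues.append("dev-lifetime")            # dev keys must be short-lived
        if key["owner"] not in active_members:       # owner left: revoke immediately
            issues.append("orphaned")
        if reviewed is None or now - reviewed > REVIEW_INTERVAL:
            issues.append("review-overdue")          # never reviewed, or review is stale
        if issues:
            findings[key["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_keys(KEYS, ACTIVE_MEMBERS, NOW).items():
        print(f"{name}: {', '.join(issues)}")
```
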
Next steps
- API keys: Manage authentication credentials
- Provider credentials: Secure AI provider tokens
- Observability: Monitor and audit request logs