Include API activities in the audit log as well, such as which device has been modified on which field, IP that makes the connection/request, etc.
