diff --git a/http-api/middlewares.py b/http-api/middlewares.py
index fcdcb7a..1a0d720 100644
--- a/http-api/middlewares.py
+++ b/http-api/middlewares.py
@@ -11,6 +11,7 @@ from aws_lambda_powertools.shared.functions import (
 )
 from layercake.dateutils import now, ttl
 from layercake.dynamodb import ComposeKey, DynamoDBCollection, KeyPair
+from layercake.funcs import pick
 from pydantic import UUID4, BaseModel, Field
 LOG_RETENTION_DAYS = 365 * 2 # 2 years
@@ -43,17 +44,33 @@ class AuthorizerMiddleware(BaseMiddlewareHandler):
 class AuditLogMiddleware(BaseMiddlewareHandler):
 """This middleware logs audit details for successful requests, storing user,
- action, and IP info with a specified retention period.."""
+ action, and IP info with a specified retention period.
+
+ Parameters
+ ----------
+ action : str
+ The identifier for the audit log action.
+ collect : DynamoDBCollection
+ The collection instance used to persist the audit log data.
+ audit_attrs : tuple of str, optional
+ A tuple of attribute names to extract from the response body for logging.
+ These represent the specific fields to include in the audit log.
+ retention_days : int or None, optional
+ The number of days the log is retained on the server.
+ If None, no time-to-live (TTL) will be applied.
+ """
 def __init__(
 self,
 action: str,
 /,
 collect: DynamoDBCollection,
+ audit_attrs: tuple[str, ...] = (),
 retention_days: int | None = LOG_RETENTION_DAYS,
 ) -> None:
 self.action = action
 self.collect = collect
+ self.audit_attrs = audit_attrs
 self.retention_days = retention_days
 def handler(
@@ -71,7 +88,7 @@ class AuditLogMiddleware(BaseMiddlewareHandler):
 if 200 <= response.status_code < 300 and user:
 now_ = now()
 data = (
- extract_event_from_common_models(response.body)
+ pick(self.audit_attrs, extract_event_from_common_models(response.body))
 if response.is_json()
 else None
 )
diff --git a/http-api/routes/courses/__init__.py b/http-api/routes/courses/__init__.py
index 894e01a..53aaf08 100644
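Review bot: In `AuditLogMiddleware.__init__` (http-api/middlewares.py), `audit_attrs` is inserted ahead of `retention_days` in the positional order, so any existing caller that passes the retention period as the third positional argument would now have it bound to `audit_attrs` and silently fall back to the default retention. Appending the new parameter after `retention_days`, or making it keyword-only and calling it as `audit_attrs=('id', 'name')` in routes/courses/__init__.py, avoids that. The docstring should also say what the default means, e.g. `An empty tuple records no fields from the response body.`, if that is how `pick` treats it. The class body continues outside the hunk.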
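Review bot: With the default `audit_attrs=()`, the new `pick(self.audit_attrs, extract_event_from_common_models(response.body))` call in `handler` presumably yields an empty record, so every `AuditLogMiddleware` that is not given an attribute list stops storing response data without any signal. Defaulting to an allowlist is the safer direction for what lands in a two-year audit table, but the loss of detail on other routes should be deliberate; in the visible part of this diff only the COURSE_ADD route is updated. It is also worth confirming how `pick` behaves when the extracted event is not a mapping or lacks a requested key, since an exception at this point would fail a request whose handler already succeeded. A comment above the call such as `# allowlist: only audit_attrs are persisted; an empty tuple stores no body fields` would record the intent. `handler` begins and ends outside the hunk.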
--- a/http-api/routes/courses/__init__.py
+++ b/http-api/routes/courses/__init__.py
@@ -43,7 +43,9 @@ def get_courses():
 '/',
 compress=True,
 tags=['Course'],
- middlewares=[AuditLogMiddleware('COURSE_ADD', collect)],
+ middlewares=[
+ AuditLogMiddleware('COURSE_ADD', collect, ('id', 'name')),
+ ],
 )
 def post_course(payload: Course):
 create_course(
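Review bot: The `COURSE_ADD` audit entry now depends on the JSON response of `post_course` carrying `id` and `name`, and that function's body runs past the end of the hunk, so this cannot be confirmed from here. If the handler returns something else (for example only a status, or a differently named key), the audit row would be written without the course identifier, which defeats the purpose of the log. A short comment next to the tuple, e.g. `# keys must exist in the response body returned by post_course`, would keep the two in sync.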