Skip to main content
POST
/
v1
/
audit
/
export
Export audit log
curl --request POST \
  --url https://api.example.com/v1/audit/export \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "format": "<string>",
  "from": "<string>",
  "to": "<string>",
  "destination": {},
  "filters": {}
}
'

Overview

Triggers an asynchronous export of your tenant’s audit log. Exports are delivered as a compressed NDJSON file to the specified destination. Large exports may take several minutes to generate. Required role: admin

Request headers

Authorization
string
required
JWT Bearer token. Format: Bearer <your-jwt>.

Request body

format
string
required
Export format. One of: ndjson, csv.
from
string
required
ISO 8601 start timestamp (inclusive). Must be within your plan’s retention window.
to
string
required
ISO 8601 end timestamp (inclusive).
destination
object
Optional delivery destination. If omitted, the export is available via a signed download URL in the response. For S3: { "type": "s3", "bucket": "...", "prefix": "..." }.
filters
object
Optional filters to apply. Same filter keys as List audit log: actorType, action, incidentId.

Response

Returns 202 Accepted — the export is queued. 
{
  "exportId": "exp_01HX9VTPQR3KF8MZWBYD5N6JCE",
  "status": "queued",
  "estimatedRows": 18420,
  "format": "ndjson",
  "submittedAt": "2024-04-01T14:30:00Z",
  "downloadUrl": null
}
Poll GET /v1/audit/export/{exportId} until status is completed: 
{
  "exportId": "exp_01HX9VTPQR3KF8MZWBYD5N6JCE",
  "status": "completed",
  "rowCount": 18420,
  "downloadUrl": "https://exports.causeflow.ai/signed/exp_01HX9VTPQR...?expires=...",
  "downloadUrlExpiresAt": "2024-04-01T16:30:00Z",
  "completedAt": "2024-04-01T14:34:22Z"
}
FieldTypeDescription
exportIdstringUnique export job identifier
statusstringJob status: queued, running, completed, failed
downloadUrlstringSigned URL to download the export file. null until completed
downloadUrlExpiresAtstringExpiry for the signed download URL (2 hours from completion)

Error responses

StatusError codeDescription
400validation_errorInvalid date range or format
401unauthorizedMissing or invalid JWT
403forbiddenCaller lacks admin role
400range_exceeds_retentionRequested date range exceeds plan retention window

Examples

# Submit export
curl https://api.causeflow.ai/v1/audit/export \
  -X POST \
  -H "Authorization: Bearer eyJhbGc..." \
  -H "Content-Type: application/json" \
  -d '{
    "format": "ndjson",
    "from": "2024-03-01T00:00:00Z",
    "to": "2024-04-01T00:00:00Z"
  }'

# Poll status
curl https://api.causeflow.ai/v1/audit/export/exp_01HX9VTPQR3KF8MZWBYD5N6JCE \
  -H "Authorization: Bearer eyJhbGc..."

List audit log

Browse audit entries interactively

Verify integrity

Verify tamper-evidence hashes