GET /v1/audit
List audit log
curl --request GET \
  --url https://api.example.com/v1/audit \
  --header 'Authorization: <authorization>'

Overview

Returns a paginated, tamper-evident audit log of all actions taken in your tenant. Includes API calls, user decisions, AI agent actions, and system events. Entries are immutable — they cannot be modified or deleted.

Required role: admin

Request headers

Authorization (string, required): JWT Bearer token. Format: Bearer <your-jwt>.

Query parameters

actorType (string): Filter by who performed the action. One of: user, ai_agent, system.
action (string): Filter by specific action type (e.g. remediation.approved, user.created).
incidentId (string): Filter entries related to a specific incident.
from (string): ISO 8601 start timestamp (inclusive).
to (string): ISO 8601 end timestamp (inclusive).
limit (integer): Maximum results. Default: 50. Maximum: 500.
cursor (string): Pagination cursor from a previous response.

Response

Returns 200 OK.
{
  "items": [
    {
      "auditId": "aud_01HX9VTPQR3KF8MZWBYD5N6JCE",
      "timestamp": "2024-04-01T14:36:00Z",
      "action": "remediation.approved",
      "actorType": "user",
      "actorId": "user_01HX9VTPQR3KF8MZWBYD5N6JCE",
      "actorEmail": "alice@example.com",
      "resourceType": "remediation",
      "resourceId": "rem_01HX9VTPQR3KF8MZWBYD5N6JCE",
      "incidentId": "inc_EXAMPLE_01JX",
      "metadata": {
        "notes": "Confirmed with DBA — safe to scale pool.",
        "ipAddress": "203.0.113.45"
      },
      "hash": "sha256:a4b2c3d4e5f6..."
    }
  ],
  "total": 1842,
  "nextCursor": "eyJsYXN0SWQiOiJhdWRfMDFIWDlWVFBRUjNLRjhNWldCWUQ1TjZKQ0UifQ"
}

| Field | Type | Description |
| --- | --- | --- |
| auditId | string | Unique audit entry identifier |
| timestamp | string | ISO 8601 timestamp of the event |
| action | string | Action that was performed |
| actorType | string | Who performed the action: user, ai_agent, system |
| actorId | string | User or agent ID |
| resourceType | string | Type of resource affected |
| resourceId | string | ID of the affected resource |
| hash | string | SHA-256 hash of this entry for tamper detection — see Verify integrity |

Error responses

| Status | Error code | Description |
| --- | --- | --- |
| 401 | unauthorized | Missing or invalid JWT |
| 403 | forbidden | Caller lacks admin role |

Examples

curl "https://api.causeflow.ai/v1/audit?action=remediation.approved&limit=20" \
  -H "Authorization: Bearer eyJhbGc..."
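
Added example (not part of the original reference): a client-side walk of the cursor pagination described under Query parameters, which validates filters against the documented limits and stops on a repeated cursor or duplicate auditId. `fetch_page` is a hypothetical callable that performs the authenticated GET and returns the parsed body; `fake_fetch`, its offset-style cursor, and the sample rows are constructed, and the absence of nextCursor on the last page is an assumption.

```python
from datetime import datetime

ACTOR_TYPES = {"user", "ai_agent", "system"}   # values listed on the page
MAX_LIMIT = 500                                 # documented maximum

def build_params(actor_type=None, action=None, start=None, end=None, limit=50):
    """Validate filters client-side and return the query parameters."""
    if actor_type is not None and actor_type not in ACTOR_TYPES:
        raise ValueError(f"actorType must be one of {sorted(ACTOR_TYPES)}")
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    for ts in (start, end):
        if ts is not None:
            datetime.fromisoformat(ts.replace("Z", "+00:00"))  # raises if not ISO 8601
    raw = {"actorType": actor_type, "action": action, "from": start, "to": end, "limit": limit}
    return {k: v for k, v in raw.items() if v is not None}

def iter_audit(fetch_page, **filters):
    """Yield every entry, following nextCursor; fetch_page(params) -> parsed JSON body."""
    params, seen_cursors, seen_ids = build_params(**filters), set(), set()
    while True:
        body = fetch_page(dict(params))
        for item in body["items"]:
            if item["auditId"] in seen_ids:      # a repeated entry means paging went wrong
                raise RuntimeError(f"duplicate auditId {item['auditId']}")
            seen_ids.add(item["auditId"])
            yield item
        cursor = body.get("nextCursor")
        if not cursor:                           # assumption: last page has no nextCursor
            return
        if cursor in seen_cursors:               # guard against a cursor loop
            raise RuntimeError("nextCursor repeated")
        seen_cursors.add(cursor)
        params["cursor"] = cursor

# Constructed stand-in for GET /v1/audit so the example runs offline.
SAMPLE = [{"auditId": f"aud_{i:03d}", "timestamp": f"2024-04-01T14:{i:02d}:00Z",
           "action": "remediation.approved" if i % 2 else "user.created",
           "actorType": ("user", "ai_agent", "system")[i % 3]} for i in range(7)]

def fake_fetch(params):
    rows = [r for r in SAMPLE if params.get("actorType") in (None, r["actorType"])
            and params.get("action") in (None, r["action"])]
    start = int(params.get("cursor", 0))         # constructed cursor: a plain offset
    page = rows[start:start + params["limit"]]
    body = {"items": page, "total": len(rows)}
    if start + len(page) < len(rows):
        body["nextCursor"] = str(start + len(page))
    return body
```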

Verify integrity

Verify the tamper-evidence hash of audit entries

Export audit log

Export audit logs for compliance