Skip to main content
POST
/
v1
/
audit
/
verify
Verify audit integrity
curl --request POST \
  --url https://api.example.com/v1/audit/verify \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "auditIds": [
    {}
  ]
}
'

Overview

Verifies the SHA-256 integrity hash of audit entries. Use this during compliance audits or incident reviews to confirm that audit records have not been altered since they were written. Required role: admin

Request headers

Authorization
string
required
JWT Bearer token. Format: Bearer <your-jwt>.

Request body

auditIds
array
required
List of audit entry IDs to verify. Maximum 100 per request.

Response

Returns 200 OK. 
{
  "results": [
    {
      "auditId": "aud_01HX9VTPQR3KF8MZWBYD5N6JCE",
      "verified": true,
      "computedHash": "sha256:a4b2c3d4e5f6...",
      "storedHash": "sha256:a4b2c3d4e5f6..."
    }
  ],
  "allVerified": true
}
FieldTypeDescription
results[].auditIdstringThe audit entry ID
results[].verifiedbooleantrue if computed and stored hashes match
results[].computedHashstringHash recomputed from the entry data
results[].storedHashstringHash stored at write time
allVerifiedbooleantrue if every entry in the request verified successfully

Error responses

StatusError codeDescription
400validation_errorauditIds is empty or exceeds 100 entries
401unauthorizedMissing or invalid JWT
403forbiddenCaller lacks admin role
404audit_entry_not_foundOne or more audit IDs do not exist

Examples

curl https://api.causeflow.ai/v1/audit/verify \
  -X POST \
  -H "Authorization: Bearer eyJhbGc..." \
  -H "Content-Type: application/json" \
  -d '{ "auditIds": ["aud_01HX9VTPQR3KF8MZWBYD5N6JCE"] }'

List audit log

Browse audit entries

Export audit log

Export for compliance reporting