Audit API
Query tamper-evident audit logs, verify log integrity, generate compliance reports, manage data retention, and export to SIEM systems. Most endpoints require the ADMIN role.
Tamper-evident logs
Get Audit Logs
/api/audit/team/:teamId
List audit logs for a team (requires ADMIN role)
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| page | integer | No | Page number (default: 0) |
| size | integer | No | Page size (default: 50) |
| action | string | No | Filter by action type (e.g. WORKFLOW_CREATED, MEMBER_ADDED) |
| userId | UUID | No | Filter by acting user |
| from | ISO 8601 | No | Start date for filtering |
| to | ISO 8601 | No | End date for filtering |
Response
```json
{
  "content": [
    {
      "id": "uuid",
      "teamId": "uuid",
      "userId": "uuid",
      "userName": "Jane Doe",
      "action": "WORKFLOW_CREATED",
      "resourceType": "WORKFLOW",
      "resourceId": "uuid",
      "details": {
        "workflowName": "Order Processing"
      },
      "createdAt": "2026-02-17T10:00:00.000Z"
    }
  ],
  "totalElements": 1250,
  "totalPages": 25,
  "number": 0,
  "size": 50
}
```
Verify Integrity
/api/audit/team/:teamId/verify
Verify the integrity of the audit log
Verifies that no audit log entries have been tampered with or deleted. This operation can take time for teams with extensive audit history.
Response
```json
{
  "valid": true,
  "entriesVerified": 1250,
  "firstEntry": "2026-01-15T10:00:00.000Z",
  "lastEntry": "2026-02-17T10:00:00.000Z",
  "verifiedAt": "2026-02-17T10:05:00.000Z"
}
```
```json
{
  "valid": false,
  "entriesVerified": 843,
  "brokenAtTimestamp": "2026-02-10T08:30:00.000Z",
  "verifiedAt": "2026-02-17T10:05:00.000Z"
}
```
Audit Reports
List Reports
/api/audit/team/:teamId/reports
List generated audit reports
```json
[
  {
    "id": "uuid",
    "name": "February 2026 Compliance Report",
    "type": "COMPLIANCE",
    "status": "COMPLETED",
    "createdAt": "2026-02-17T09:00:00.000Z",
    "downloadUrl": "/api/audit/team/:teamId/reports/:id/download"
  }
]
```
Create Report
/api/audit/team/:teamId/reports
Generate a new audit report
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Report name |
| type | string | Yes | Report type: COMPLIANCE, ACTIVITY, SECURITY |
| from | ISO 8601 | Yes | Report period start date |
| to | ISO 8601 | Yes | Report period end date |
```json
{
  "name": "February 2026 Compliance Report",
  "type": "COMPLIANCE",
  "from": "2026-02-01T00:00:00.000Z",
  "to": "2026-02-28T23:59:59.000Z"
}
```
Get Report
/api/audit/team/:teamId/reports/:id
Get report details and download URL
Retention Management
Get Retention Policy
/api/audit/team/:teamId/retention
Get the current audit log retention policy
```json
{
  "retentionDays": 365,
  "autoDeleteEnabled": false,
  "lastPurgedAt": null
}
```
Update Retention Policy
/api/audit/team/:teamId/retention
Update the audit log retention policy
| Field | Type | Required | Description |
|---|---|---|---|
| retentionDays | integer | Yes | Number of days to retain audit logs (minimum: 30) |
| autoDeleteEnabled | boolean | No | Automatically delete logs past the retention period |
Purge Old Logs
/api/audit/team/:teamId/purge
Manually purge audit logs older than the retention period
Irreversible
```json
{
  "purgedCount": 342,
  "oldestRemaining": "2026-01-15T10:00:00.000Z",
  "purgedAt": "2026-02-17T10:15:00.000Z"
}
```
SIEM Export
/api/audit/team/:teamId/siem
Export audit logs in SIEM-compatible format
| Parameter | Type | Required | Description |
|---|---|---|---|
| format | string | No | Export format: syslog, cef, or json (default: json) |
| from | ISO 8601 | No | Start date |
| to | ISO 8601 | No | End date |
| limit | integer | No | Maximum entries to export (default: 10000) |
The response Content-Type varies by format. JSON returns application/json, while syslog and CEF return text/plain.
Continuous integration
Error Codes
| Status | Meaning |
|---|---|
| 400 | Invalid query parameters or retention value below minimum |
| 403 | Insufficient permissions (requires ADMIN role) |
| 404 | Team or report not found |
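
A scheduled monitoring job that calls the Verify Integrity endpoint has to act on both response shapes documented for it. The sketch below is an added example, not part of this API or its client libraries: `triage_verify` and its parameters are hypothetical names, and the entry-count cross-check assumes that a valid result counts every retained entry.

```python
from datetime import datetime, timedelta

def parse_ts(value):
    """Parse the API's ISO 8601 timestamps; a trailing 'Z' means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def format_ts(dt):
    """Render a datetime in the millisecond 'Z' form used in this API's examples."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def triage_verify(result, previous=None, purged_since=0, window_hours=24):
    """Turn a verify response into a finding for the on-call analyst.

    previous     -- last stored response with valid=true, or None on first run
    purged_since -- sum of purgedCount from purges made since `previous`
    """
    verified = result["entriesVerified"]
    if not result["valid"]:
        broken = parse_ts(result["brokenAtTimestamp"])
        pad = timedelta(hours=window_hours)
        return {
            "severity": "critical",
            "reason": "integrity check failed",
            "entriesVerified": verified,
            # from/to/page/size for the log listing endpoint, to pull the
            # entries recorded around the break for review
            "followUpQuery": {"from": format_ts(broken - pad),
                              "to": format_ts(broken + pad),
                              "page": 0, "size": 50},
        }
    if previous is not None:
        # Assumption: a valid result counts every retained entry, so the
        # count can only shrink by what documented purges removed.
        expected_min = previous["entriesVerified"] - purged_since
        if verified < expected_min:
            return {"severity": "high",
                    "reason": "entry count dropped without a matching purge",
                    "missing": expected_min - verified}
    return {"severity": "info", "reason": "ok", "entriesVerified": verified}

# The two response bodies documented for the verify endpoint
VALID = {"valid": True, "entriesVerified": 1250,
         "firstEntry": "2026-01-15T10:00:00.000Z",
         "lastEntry": "2026-02-17T10:00:00.000Z",
         "verifiedAt": "2026-02-17T10:05:00.000Z"}
BROKEN = {"valid": False, "entriesVerified": 843,
          "brokenAtTimestamp": "2026-02-10T08:30:00.000Z",
          "verifiedAt": "2026-02-17T10:05:00.000Z"}
# Constructed: a later run that still reports valid but with fewer entries
SHRUNK = dict(VALID, entriesVerified=1100)
```

Store each valid response and the `purgedCount` of every purge so the next run has a baseline to compare against.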