Reference / Audit

SIEM export: a larger, ordered batch of audit rows (with chain hashes) for external ingestion. Same filters as `list`; pages via `after`/`offset` with a limit up to 1000. Requires `audit:read`.

GET /v1/audit-logs/export
Secret API key operationId: export

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Query parameters

  • type string optional

    Exact type (`session.revoked`) or a dotted family by prefix (`session` → all `session.*`).

  • actor_kind string optional

    Actor kind: `user | api_key | system | public`.

  • aggregate_id string<uuid> optional

    Restrict to events touching one aggregate (a user/session/org id).

  • search string optional

    Free-text match on the event type.

  • after string<date-time> optional

    Inclusive lower/upper bounds on when the event occurred (RFC 3339).

  • before string<date-time> optional
  • limit integer<int64> optional

    Page size (default 50, max 100).

  • offset integer<int64> optional

    Row offset (default 0).

Responses

200 Audit export batch

Request

curl -X GET "http://localhost:8080/v1/audit-logs/export" \

Try it

live request
GET http://localhost:8080/v1/audit-logs/export

Query parameters