Endpoints
GET /api/applications/:foreignId/auditors-log
Retrieves the activity log for a specific application. Entries are scoped to the application identified by:foreignId and your authenticated organization. Use this endpoint to review all compliance actions that have occurred within a single application.
Required permission: logs:view_activity (common bucket)
The application route segment from
GET /auth/me.GET /api/applications/:foreignId/cases/:caseId/auditors-log
Retrieves the activity log filtered to a specific case within an application. Use this endpoint to audit the history of a single disclosure case — who accessed it, what reports were generated, and when the case was approved. Required permission:reports:view_transactions (auditor bucket)
The application route segment from
GET /auth/me.The ID of the case whose activity log you want to retrieve. The case must belong to the application identified by
:foreignId.POST /api/applications/:foreignId/auditors-log/reports
Generates an exportable activity log report for an application. The report captures the current state of the application-level log and is stored as a report object that you can later download via the Reports API. Required permissions:reports:create + logs:view_activity (auditor / common buckets)
The application route segment from
GET /auth/me.id for use with the download endpoint.
POST /api/applications/:foreignId/cases/:caseId/auditors-log/reports
Generates an exportable activity log report scoped to a specific case. Use this to produce a durable, downloadable record of all compliance actions taken within a single disclosure case. Required permissions:reports:create + reports:view_transactions (auditor bucket)
The application route segment from
GET /auth/me.The ID of the case for which to generate the log export.
POST /api/auditors-log/reports
Generates an organization-level activity log export covering all applications in your organization. This endpoint is available to organization owners and produces a comprehensive audit export across the entire organization’s compliance activity. Required permission: Owner-level permissions (reports:create at organization scope)
Returns report metadata for the newly created organization-level export.
Log entries are written only after successful handler execution. If a request fails — due to a permission error, validation error, or any other reason — no success log entry is created for that request. The activity log reflects completed actions, not attempted ones.
Log Entry Fields
| Field | Meaning |
|---|---|
event_type | Type of action performed (e.g. case created, report generated, team member added). |
user | Display name of the actor who performed the action. |
user_id | Internal user ID of the actor. |
object | JSON object describing the target of the action — such as a case, report, team member, or application. |
details | JSON object containing additional event-specific detail, such as changed field values or decision reasons. |
application_foreign_id | The foreignId of the application the action was scoped to, when applicable. |
case_id | The ID of the case the action was scoped to, when applicable. |
created_at | ISO 8601 timestamp of when the event was recorded. |