Skip to main content
GET
/
audit
/
{request_id}
Get audit record for a specific lookup
curl --request GET \
  --url https://{hostname}/v1/audit/{request_id} \
  --header 'Authorization: Bearer <token>'
{
  "request_id": "req_01JNQBC4X8Y2Z3A",
  "principal": {
    "type": "user",
    "user_id": "u_analyst_jdoe",
    "user_email": "analyst@example.com",
    "idp_session_id": "saml_sess_abc123",
    "api_key_id": "key_svc_01",
    "service_account_name": "integration-prod"
  },
  "organization_id": "org_example_001",
  "source_ip": "10.14.2.55",
  "logged_at": "2026-02-19T14:23:01Z",
  "requester_reference": "CASE-2026-00412",
  "identifiers_queried": 2
}

Authorizations

Authorization
string
header
required

JWT issued by your organization's SAML/OIDC identity provider after authentication. Required for user-attributed queries. The sub claim is recorded verbatim in the audit trail.

Path Parameters

request_id
string
required

The unique identifier of the lookup request.

Response

Audit record returned.

request_id
string
required
Example:

"req_01JNQBC4X8Y2Z3A"

principal
object
required

The authenticated identity that performed the lookup.

organization_id
string
required
Example:

"org_example_001"

source_ip
string
required
Example:

"10.14.2.55"

logged_at
string<date-time>
required
Example:

"2026-02-19T14:23:01Z"

requester_reference
string | null
Example:

"CASE-2026-00412"

identifiers_queried
integer

Number of identifiers submitted in this lookup.

Example:

2