
# Audit

## Query centralized audit log

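> Retrieve audit trail entries across registered audit sources, optionally filtered by source, action, actor email, repository identifier, entity id and time window (`from` is inclusive, `to` is exclusive). Requires the Owner role; other callers receive 403. Results are paged with `limit` (default 50, maximum 1000) and `offset`. Use the approval compliance API for SOX approval exports.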

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/audit":{"get":{"operationId":"AuditController_getAudit","summary":"Query centralized audit log","description":"Retrieve audit trail entries across registered audit sources. Requires Owner role. Use the approval compliance API for SOX approval exports.","parameters":[{"name":"source","required":false,"in":"query","description":"Audit source to query","schema":{"enum":["integration","approval","variable","environment","slack"],"type":"string"}},{"name":"action","required":false,"in":"query","description":"Filter by action. Prefix match without dot (integration) or exact action (integration.created).","schema":{"type":"string"}},{"name":"actor","required":false,"in":"query","description":"Filter by actor email","schema":{"type":"string"}},{"name":"repositoryIdentifier","required":false,"in":"query","description":"Filter by repository identifier where the audit source exposes one","schema":{"type":"string"}},{"name":"entityId","required":false,"in":"query","description":"Filter by audited entity identifier","schema":{"type":"string"}},{"name":"from","required":false,"in":"query","description":"ISO 8601 start timestamp, inclusive","schema":{"type":"string"}},{"name":"to","required":false,"in":"query","description":"ISO 8601 end timestamp, exclusive","schema":{"type":"string"}},{"name":"limit","required":false,"in":"query","description":"Maximum entries to return","schema":{"maximum":1000,"default":50,"type":"number"}},{"name":"offset","required":false,"in":"query","description":"Offset into the result set","schema":{"default":0,"type":"number"}}],"responses":{"200":{"description":"Audit log entries returned"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Audit"]}}}}
```

## Start an async audit CSV export

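> Creates an owner-only audit CSV export job; callers without the Owner role receive 403. The request body accepts the same filters as the audit query (`source`, `action`, `actor`, `repositoryIdentifier`, `entityId`, `from`, `to`) plus an optional `fileName` for the download. The export is asynchronous: the 201 response reports that the job was created, and the export's status is read from the export status endpoint. Approval compliance exports remain under the approval compliance API.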

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"StartAuditExportDto":{"type":"object","properties":{"source":{"type":"string","description":"Audit source to export","enum":["integration","approval","variable","environment","slack"]},"action":{"type":"string","description":"Filter by action. Prefix match without dot (integration) or exact action (integration.created)."},"actor":{"type":"string","description":"Filter by actor email"},"repositoryIdentifier":{"type":"string","description":"Filter by repository identifier where the audit source exposes one"},"entityId":{"type":"string","description":"Filter by audited entity identifier"},"from":{"type":"string","description":"ISO 8601 start timestamp, inclusive"},"to":{"type":"string","description":"ISO 8601 end timestamp, exclusive"},"fileName":{"type":"string","description":"Download filename. Defaults to a generated audit-export filename."}}}}},"paths":{"/sfp/api/audit/exports":{"post":{"operationId":"AuditController_startExport","summary":"Start an async audit CSV export","description":"Creates an owner-only audit CSV export job. Approval compliance exports remain under the approval compliance API.","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/StartAuditExportDto"}}}},"responses":{"201":{"description":"Audit export job created"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Audit"]}}}}
```

## GET /sfp/api/audit/exports/{id}

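> Get the status of an audit export by its export id. Returns the audit export record. Requires the Owner role (403 otherwise).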

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/audit/exports/{id}":{"get":{"operationId":"AuditController_getExport","summary":"Get audit export status","parameters":[{"name":"id","required":true,"in":"path","description":"Audit export id","schema":{"type":"string"}}],"responses":{"200":{"description":"Audit export record returned"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Audit"]}}}}
```

## GET /sfp/api/audit/exports/{id}/download

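> Download a completed audit export CSV. The file is streamed through the SFP API. Requires the Owner role (403 otherwise). The export holds audit trail data, which may include actor email addresses, so store and share the downloaded file accordingly.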

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/audit/exports/{id}/download":{"get":{"operationId":"AuditController_downloadExport","summary":"Download a completed audit export CSV","parameters":[{"name":"id","required":true,"in":"path","description":"Audit export id","schema":{"type":"string"}}],"responses":{"200":{"description":"Streams the completed audit CSV through the SFP API"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Audit"]}}}}
```

## GET /sfp/api/audit/exports/{id}/download-url

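> Get the authenticated audit export CSV download URL. The response is an SFP API download URL that the spec describes as authenticated. Requires the Owner role (403 otherwise).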

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/audit/exports/{id}/download-url":{"get":{"operationId":"AuditController_getDownloadUrl","summary":"Get the authenticated audit export CSV download URL","parameters":[{"name":"id","required":true,"in":"path","description":"Audit export id","schema":{"type":"string"}}],"responses":{"200":{"description":"Authenticated SFP API download URL returned"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Audit"]}}}}
```

## GET /sfp/api/audit/internal/exports/{id}/rows

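> Fetch audit export rows for the worker (internal). Requires the `application` role rather than Owner (403 otherwise). Rows are paged with a cursor: pass the `cursorCreatedAt` and `cursorId` values from the previous page, with `limit` up to 1000 (default 1000). The spec lists only the 403 response for this operation.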

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/audit/internal/exports/{id}/rows":{"get":{"operationId":"AuditController_getExportRows","summary":"Fetch audit export rows for the worker (internal)","parameters":[{"name":"id","required":true,"in":"path","schema":{"type":"string"}},{"name":"cursorCreatedAt","required":false,"in":"query","description":"Cursor created_at value from the previous page","schema":{"type":"string"}},{"name":"cursorId","required":false,"in":"query","description":"Cursor row id from the previous page","schema":{"type":"string"}},{"name":"limit","required":false,"in":"query","description":"Maximum rows to return","schema":{"maximum":1000,"default":1000,"type":"number"}}],"responses":{"403":{"description":"Forbidden - Requires role: application"}},"tags":["Audit"]}}}}
```

## POST /sfp/api/audit/internal/exports/{id}/complete

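> Mark an audit export complete (internal). Requires the `application` role (403 otherwise). The body must carry `objectKey` (the S3 object key containing the completed CSV), `fileName`, `rowCount` and `fileSizeBytes`; `contentType` defaults to `text/csv`.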

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"CompleteAuditExportDto":{"type":"object","properties":{"objectKey":{"type":"string","description":"S3 object key containing the completed CSV"},"fileName":{"type":"string","description":"CSV filename to present to users"},"rowCount":{"type":"number","description":"Number of exported rows"},"fileSizeBytes":{"type":"number","description":"Uploaded object size in bytes"},"contentType":{"type":"string","description":"Object content type","default":"text/csv"}},"required":["objectKey","fileName","rowCount","fileSizeBytes"]}}},"paths":{"/sfp/api/audit/internal/exports/{id}/complete":{"post":{"operationId":"AuditController_completeExport","summary":"Mark an audit export complete (internal)","parameters":[{"name":"id","required":true,"in":"path","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CompleteAuditExportDto"}}}},"responses":{"403":{"description":"Forbidden - Requires role: application"}},"tags":["Audit"]}}}}
```

## POST /sfp/api/audit/internal/exports/{id}/fail

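> Mark an audit export failed (internal). Requires the `application` role (403 otherwise). The body must include an `error` string giving the failure reason.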

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"FailAuditExportDto":{"type":"object","properties":{"error":{"type":"string","description":"Failure reason"}},"required":["error"]}}},"paths":{"/sfp/api/audit/internal/exports/{id}/fail":{"post":{"operationId":"AuditController_failExport","summary":"Mark an audit export failed (internal)","parameters":[{"name":"id","required":true,"in":"path","schema":{"type":"string"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/FailAuditExportDto"}}}},"responses":{"403":{"description":"Forbidden - Requires role: application"}},"tags":["Audit"]}}}}
```

## POST /sfp/api/audit/internal/exports/cleanup

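> Clean up expired audit exports (internal). Requires the `application` role (403 otherwise). `batchSize` caps the number of expired export records to clean up (default 100, maximum 1000).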

```json
{"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"CleanupAuditExportsDto":{"type":"object","properties":{"batchSize":{"type":"number","description":"Maximum expired export records to clean up","default":100,"maximum":1000}}}}},"paths":{"/sfp/api/audit/internal/exports/cleanup":{"post":{"operationId":"AuditController_cleanupExpiredExports","summary":"Clean up expired audit exports (internal)","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/CleanupAuditExportsDto"}}}},"responses":{"403":{"description":"Forbidden - Requires role: application"}},"tags":["Audit"]}}}}
```


