
# Search Audit Events

> Retrieve a paginated list of audit events. Supports filtering by event type, action, result, resource, and date range. Results use cursor-based pagination.



## OpenAPI

````yaml /en/openapi/v3-current/flowker.yaml get /v1/audit-events
# OpenAPI 3.1 document for the Flowker API; this excerpt carries a single
# operation, the audit-event search under `paths`.
openapi: 3.1.0
info:
  description: >-
    Complete API reference for Flowker workflow orchestration services including
    catalog management, workflow definitions, executor configurations, provider
    configurations, and workflow executions.
  title: Flowker API
  version: 1.0.2
servers:
  # Only the sandbox host is listed in this excerpt.
  - url: https://flowker.sandbox.lerian.net
# Document-level requirement: any operation that does not declare its own
# `security` key must satisfy ApiKeyAuth (components.securitySchemes).
# The empty list means no roles are named, so the spec does not distinguish
# audit-read access from any other API access.
# NOTE(review): confirm whether a key that can modify workflows is also meant
# to be able to read the audit trail, or whether the server enforces a
# narrower permission that the spec does not express.
security:
  - ApiKeyAuth: []
tags:
  - name: Health API
    description: Health and version endpoints for monitoring the Flowker service.
  - name: Catalog API
    description: >-
      Browse built-in providers, executors, and triggers available in the
      Flowker catalog.
  - name: Workflows API
    description: >-
      Create, update, activate, deactivate, clone, and delete workflow
      definitions.
  - name: Executions API
    description: Start workflow executions and track their status and results.
  - name: Executor Configurations API
    description: >-
      Configure, test, and manage external executor connections used by workflow
      nodes.
  - name: Provider Configurations API
    description: Configure, test, enable, and disable provider integrations.
  - name: Dashboard API
    description: >-
      Retrieve aggregated summaries of workflows and executions for operational
      dashboards.
  - name: Audit API
    description: Query and verify audit events for compliance and operational visibility.
  - name: Webhooks API
    description: >-
      Receive webhook callbacks from external systems to trigger workflow
      executions.
# Single operation: GET /v1/audit-events, a filtered, cursor-paginated read of
# audit records. It declares no operation-level `security`, so the
# document-level ApiKeyAuth requirement applies.
paths:
  /v1/audit-events:
    get:
      tags:
        - Audit API
      summary: Search Audit Events
      description: >-
        Retrieve a paginated list of audit events. Supports filtering by event
        type, action, result, resource, and date range. Results use cursor-based
        pagination.
      operationId: searchAuditEvents
      # All parameters are optional query filters (none sets `required`).
      # NOTE(review): returned entries carry `hash` / `previousHash`; a
      # filtered page will generally not hold adjacent chain links, so
      # presumably chain verification needs an unfiltered walk or a separate
      # verify operation (the Audit API tag mentions verification) - confirm.
      parameters:
        # eventType and action are free-form strings; the values in their
        # descriptions are examples ("e.g."), not a declared enum.
        - description: >-
            Filter by event type (e.g., `WORKFLOW_CREATED`,
            `EXECUTION_STARTED`).
          in: query
          name: eventType
          schema:
            type: string
        - description: >-
            Filter by action (e.g., `CREATE`, `UPDATE`, `DELETE`, `ACTIVATE`,
            `DEACTIVATE`, `DRAFT`, `EXECUTE`).
          in: query
          name: action
          schema:
            type: string
        # result and resourceType are closed enums.
        - description: Filter by result.
          in: query
          name: result
          schema:
            enum:
              - SUCCESS
              - FAILED
            type: string
        - description: Filter by resource type.
          in: query
          name: resourceType
          schema:
            enum:
              - workflow
              - execution
              - provider_config
            type: string
        - description: Filter by resource ID.
          in: query
          name: resourceId
          schema:
            format: uuid
            type: string
        # NOTE(review): the spec does not say whether dateFrom/dateTo are
        # inclusive, or how dateFrom > dateTo is handled; confirm before using
        # them to time-box an investigation.
        - description: Start of the date range filter (RFC 3339 format).
          in: query
          name: dateFrom
          schema:
            format: date-time
            type: string
        - description: End of the date range filter (RFC 3339 format).
          in: query
          name: dateTo
          schema:
            format: date-time
            type: string
        # Page size is bounded to 1..100 with a default of 20.
        - description: >-
            Maximum number of items per page. Defaults to 20. Must be between 1
            and 100.
          in: query
          name: limit
          schema:
            default: 20
            maximum: 100
            minimum: 1
            type: integer
        # The cursor is an untyped string taken from a previous response;
        # clients should pass it back unchanged rather than construct one.
        - description: >-
            Cursor for pagination. Use the value from the `nextCursor` field in
            a previous response to retrieve the next page.
          in: query
          name: cursor
          schema:
            type: string
        # Default order is DESC.
        - description: Sort direction. Use `ASC` for ascending or `DESC` for descending.
          in: query
          name: sortOrder
          schema:
            default: DESC
            enum:
              - ASC
              - DESC
            type: string
      # NOTE(review): only 200, 400 and 500 are documented. The operation needs
      # an API key, yet no response for a missing or invalid key is described
      # (commonly 401 or 403) - confirm the real status and body so clients and
      # monitors can tell an authentication failure from a bad filter.
      responses:
        '200':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditEntryListOutput'
          description: >-
            Indicates that the request was successful and the response contains
            the requested data.
        '400':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: >-
            Indicates that the request was malformed or contained invalid
            parameters.
        '500':
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
          description: >-
            Indicates an unexpected internal error. If this persists, please
            contact support.
components:
  schemas:
    # 200 body of GET /v1/audit-events: one page of entries plus paging state.
    # No `required` list is declared, so the schema guarantees none of the
    # three fields; clients should tolerate their absence.
    AuditEntryListOutput:
      description: Paginated list of audit event entries.
      properties:
        items:
          description: Audit event entries in the current page.
          items:
            $ref: '#/components/schemas/AuditEntryOutput'
          type: array
        # The example is UUID-shaped, but the type is a plain string with no
        # format; treat the value as opaque.
        nextCursor:
          description: Cursor for the next page. Empty if this is the last page.
          example: 9d8e7f6a-5b4c-4321-9876-a1b2c3d4e5f6
          type: string
        hasMore:
          description: Whether more pages are available.
          example: true
          type: boolean
      type: object
    # Error body referenced by the 400 and 500 responses of the audit search
    # operation. All three fields are required.
    ErrorResponse:
      properties:
        code:
          description: Machine-readable error code with the FLK prefix.
          example: FLK-0001
          type: string
        message:
          description: Human-readable explanation of the error.
          example: Invalid input provided
          type: string
        title:
          description: Short error category title.
          example: Bad Request
          type: string
      required:
        - code
        - message
        - title
      type: object
    # One audit record as returned in AuditEntryListOutput.items.
    # No `required` list is declared, so the schema itself guarantees none of
    # these fields, including `hash` and `previousHash`.
    AuditEntryOutput:
      description: Immutable audit event record with hash chain integrity.
      properties:
        eventId:
          description: Unique identifier of the audit event.
          example: 9d8e7f6a-5b4c-4321-9876-a1b2c3d4e5f6
          format: uuid
          type: string
        eventType:
          description: >-
            Type of audit event (e.g., `WORKFLOW_CREATED`, `EXECUTION_STARTED`,
            `PROVIDER_CONFIG_UPDATED`).
          example: WORKFLOW_CREATED
          type: string
        action:
          description: >-
            Action performed: `CREATE`, `UPDATE`, `DELETE`, `ACTIVATE`,
            `DEACTIVATE`, `DRAFT`, or `EXECUTE`.
          example: CREATE
          type: string
        # NOTE(review): the `result` and `resourceType` query parameters declare
        # enums and `resourceId` declares `format: uuid`, but the matching
        # response fields below are unconstrained strings. Confirm whether the
        # same constraints hold for returned data before relying on them.
        result:
          description: 'Outcome of the action: `SUCCESS` or `FAILED`.'
          example: SUCCESS
          type: string
        resourceId:
          description: Identifier of the resource that was acted upon.
          example: 550e8400-e29b-41d4-a716-446655440000
          type: string
        resourceType:
          description: 'Type of resource: `workflow`, `execution`, or `provider_config`.'
          example: workflow
          type: string
        actor:
          $ref: '#/components/schemas/AuditActorOutput'
        # `context` and `metadata` accept arbitrary keys and values
        # (`additionalProperties: true`). Consumers should treat their content
        # as untrusted data when rendering it or forwarding it to log pipelines.
        # NOTE(review): confirm that secrets such as provider credentials are
        # redacted before being recorded in these objects.
        context:
          additionalProperties: true
          description: Additional context about the event.
          type: object
        metadata:
          additionalProperties: true
          description: Extra metadata associated with the event.
          type: object
        timestamp:
          description: Timestamp when the event occurred (RFC 3339).
          example: '2026-03-17T14:35:15Z'
          format: date-time
          type: string
        # NOTE(review): the spec does not state which fields the hash covers,
        # how they are serialized, or the output encoding (the examples look
        # like 64 lowercase hex characters). An independent verifier needs that
        # definition; without it the chain can only be checked by the service.
        hash:
          description: SHA-256 hash for this entry in the audit hash chain.
          example: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
          type: string
        previousHash:
          description: Hash of the previous entry in the chain. Empty for the first entry.
          example: f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a3f2e1d0c9b8a7f6e5
          type: string
      type: object
    # Who performed the audited action; referenced by AuditEntryOutput.actor.
    # No field is marked required.
    AuditActorOutput:
      description: Actor who performed the audited action.
      properties:
        # The description lists three values, but no enum is declared.
        type:
          description: 'Type of actor: `user`, `system`, or `api_key`.'
          example: user
          type: string
        id:
          description: >-
            Identifier of the actor (user ID, service name, or API key
            reference).
          example: d4e5f6a7-b8c9-4012-d345-444444444444
          type: string
        # NOTE(review): the spec does not say whether this is the direct peer
        # address or a value taken from a forwarding header. A header-derived
        # address can be set by the client, so confirm the source before using
        # it as evidence. No `format` is declared, so IPv4 vs IPv6 is open.
        ipAddress:
          description: IP address of the actor at the time of the action.
          example: 192.168.1.100
          type: string
      type: object
  # Authentication used by the document-level `security` requirement: a key
  # sent in the `X-API-Key` request header.
  # NOTE(review): the description indicates the key is set from one environment
  # variable at deployment, which suggests a single static key per deployment.
  # Confirm how it is rotated and whether `actor.id` in audit entries can tell
  # apart callers that share it.
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      in: header
      name: X-API-Key
      description: >-
        API key for authenticating requests to the Flowker API. Provisioned via
        the API_KEY environment variable during deployment.

````