> ## Documentation Index > Fetch the complete documentation index at: https://docs.lerian.studio/llms.txt > Use this file to discover all available pages before exploring further. # List Audit Events > Use this endpoint to list audit events with filters and cursor-based pagination. Designed for SOX/GLBA compliance reporting. ## OpenAPI ````yaml /en/openapi/v3-current/tracer.yaml get /v1/audit-events openapi: 3.1.0 info: title: Tracer API description: >- Complete API reference for Tracer services including transaction validation, rules management, spending limits, and audit events for SOX/GLBA compliance. version: 1.0.0 servers: - url: https://tracer.lerian.io security: [] tags: - name: Health API description: >- Health check endpoints for liveness and readiness probes. These endpoints do not require authentication. - name: Validations API description: >- Transaction validation endpoints. Performance target is under 80ms (p99). Validations are not idempotent. - name: Rules API description: >- Validation rule management endpoints. Rules use CEL (Common Expression Language) expressions. - name: Limits API description: >- Spending limit management endpoints. Limits control transaction amounts by scope and period. - name: Audit Events API description: >- Audit trail endpoints for SOX/GLBA compliance. All validation decisions and configuration changes are recorded. paths: /v1/audit-events: get: tags: - Audit Events API summary: List Audit Events description: >- Use this endpoint to list audit events with filters and cursor-based pagination. Designed for SOX/GLBA compliance reporting. operationId: listAuditEvents parameters: - $ref: '#/components/parameters/ContentType' - $ref: '#/components/parameters/XApiKey' - $ref: '#/components/parameters/XRequestId' - name: limit in: query description: >- The maximum number of items to include in the response. Default: 100, Max: 1000 required: false example: 100 schema: type: integer minimum: 1 maximum: 1000 default: 100 - name: cursor in: query description: Pagination cursor from previous response. required: false schema: type: string - name: startDate in: query description: >- Start date (RFC3339 format with timezone, inclusive). Defaults to 90 days before current time. required: false schema: type: string format: date-time - name: endDate in: query description: >- End date (RFC3339 format with timezone, exclusive). Defaults to current time. required: false schema: type: string format: date-time - name: eventType in: query description: Filter by event type. required: false schema: type: string enum: - TRANSACTION_VALIDATED - RULE_CREATED - RULE_UPDATED - RULE_ACTIVATED - RULE_DEACTIVATED - RULE_DELETED - LIMIT_CREATED - LIMIT_UPDATED - LIMIT_ACTIVATED - LIMIT_DEACTIVATED - LIMIT_DELETED - name: action in: query description: Filter by action. required: false schema: type: string enum: - VALIDATE - CREATE - UPDATE - DELETE - ACTIVATE - DEACTIVATE - name: result in: query description: Filter by result. required: false schema: type: string enum: - SUCCESS - FAILED - ALLOW - DENY - REVIEW - name: resourceType in: query description: Filter by resource type. required: false schema: type: string enum: - transaction - rule - limit - name: resourceId in: query description: Filter by resource ID (UUID). required: false schema: type: string format: uuid - name: actorType in: query description: Filter by actor type. required: false schema: type: string enum: - user - system - name: actorId in: query description: Filter by actor ID. required: false schema: type: string - name: accountId in: query description: Filter by account ID (queries context.request.account.id). required: false schema: type: string format: uuid - name: segmentId in: query description: Filter by segment ID. required: false schema: type: string format: uuid - name: portfolioId in: query description: Filter by portfolio ID. required: false schema: type: string format: uuid - name: transactionType in: query description: Filter by transaction type. required: false schema: type: string - name: matchedRuleId in: query description: Filter by matched rule ID (array contains query). required: false schema: type: string format: uuid - name: sortBy in: query description: The field used to sort the results. required: false schema: type: string enum: - createdAt - eventType default: createdAt - name: sortOrder in: query description: The order used to sort the results. required: false schema: type: string enum: - ASC - DESC default: DESC responses: '200': description: >- Indicates that the request was successful and the response contains the expected data. content: application/json: schema: $ref: '#/components/schemas/ListAuditEventsResponse' '400': description: '' content: application/json: schema: $ref: '#/components/schemas/ErrorFormat' examples: Error0006: $ref: '#/components/examples/Error0006' Error0020: $ref: '#/components/examples/Error0020' Error0044: $ref: '#/components/examples/Error0044' Error0141: $ref: '#/components/examples/Error0141' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorFormat' examples: Error0010: $ref: '#/components/examples/Error0010' Error0011: $ref: '#/components/examples/Error0011' '500': description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/ErrorFormat' examples: Error0004: $ref: '#/components/examples/Error0004' security: [] components: parameters: ContentType: name: Content-Type in: header description: The type of media of the resource. Must be `application/json`. required: true example: application/json schema: type: string XApiKey: name: X-API-Key in: header description: >- The API Key for authentication. **This header is required for all endpoints except health checks**. required: true schema: type: string XRequestId: name: X-Request-Id in: header description: A unique identifier used to trace and track each request. required: false example: 019c96a0-10ce-75fc-a273-dc799079a99c schema: type: string format: uuid schemas: ListAuditEventsResponse: type: object description: Paginated list of audit events for SOX/GLBA compliance. properties: auditEvents: type: array maxItems: 1000 items: $ref: '#/components/schemas/AuditEvent' description: List of audit event records. hasMore: type: boolean description: Whether there are more results available. nextCursor: type: - string - 'null' description: Cursor for fetching the next page. Null if no more results. ErrorFormat: type: object description: The response message error. required: - code - title - message properties: code: type: string description: A unique, stable identifier for the error. title: type: string description: A brief summary of the issue. message: type: string description: Detailed guidance for resolving the error. fields: type: object additionalProperties: true description: Additional information about the fields that caused the error. AuditEvent: type: object description: Audit trail event for SOX/GLBA compliance. properties: eventId: type: string format: uuid description: Unique identifier for the audit event. eventType: type: string enum: - TRANSACTION_VALIDATED - RULE_CREATED - RULE_UPDATED - RULE_ACTIVATED - RULE_DEACTIVATED - RULE_DELETED - LIMIT_CREATED - LIMIT_UPDATED - LIMIT_ACTIVATED - LIMIT_DEACTIVATED - LIMIT_DELETED description: Type of event that occurred. resourceType: type: string enum: - transaction - rule - limit description: Type of resource affected by the event. resourceId: type: string description: ID of the affected resource. action: type: string description: >- Action performed (VALIDATE, CREATE, UPDATE, DELETE, ACTIVATE, DEACTIVATE). result: type: string description: >- Result of the action. For validations (ALLOW, DENY, REVIEW). For CRUD operations (SUCCESS, FAILED). actor: $ref: '#/components/schemas/Actor' context: type: object additionalProperties: true description: >- Event context. For validations includes request and response. For CRUD includes before and after states. metadata: type: object additionalProperties: true description: Additional info (ticketId, correlationId, etc.). hash: type: string description: SHA-256 hash of event content for tamper detection. previousHash: type: string description: Hash of previous event in chain (forms immutable chain). createdAt: type: string format: date-time description: When the event occurred. Actor: type: object description: Actor who performed the action. properties: id: type: string description: Actor identifier. actorType: type: string enum: - user - system description: Type of actor. name: type: string description: Actor name (if available). role: type: string description: Actor role (if available). ipAddress: type: string description: IP address (if available). examples: Error0006: summary: Invalid Query Parameters value: code: TRC-0006 title: Invalid Query Parameters message: >- One or more query parameters are invalid. Please verify the parameters and try again. Error0020: summary: Invalid Date Format value: code: TRC-0020 title: Invalid Date Format message: >- The date must be in RFC3339 format with timezone (e.g., 2026-01-28T10:30:00Z). Date-only format is not accepted. Error0044: summary: Invalid Pagination Cursor value: code: TRC-0044 title: Invalid Pagination Cursor message: >- The provided pagination cursor is invalid or expired. Please start a new query without a cursor. Error0141: summary: Invalid Audit Event Filters value: code: TRC-0141 title: Invalid Audit Event Filters message: >- One or more audit event filters are invalid. Please verify the filter values and try again. Error0010: summary: API Key Missing value: code: TRC-0010 title: API Key Missing message: >- A valid API Key must be provided in the X-API-Key header. Please include your API Key and try again. Error0011: summary: Invalid API Key value: code: TRC-0011 title: Invalid API Key message: >- The provided API Key is invalid or expired. Please provide a valid API Key and try again. Error0004: summary: Internal Server Error value: code: TRC-0004 title: Internal Server Error message: >- An unexpected error occurred. Please try again later or contact support if the issue persists. ````