# Audit trail events
You can get raw audit trail events for your employees using the request below.
HTTP status 200 in response confirms availability of our API.
Note that the request should be authorized with headers mentioned above.
GET /resources/auditTrailEvents
Copy
curl -X GET \
'https://api.sumsub.com/resources/auditTrailEvents'
Events are always sorted by ts in descending order.
Мах number of events per request is 20000.
# REQUEST ARGUMENTS
| Name | Type | Required | Description |
|---|---|---|---|
| subjectName | String | No | The name of the subject for which events are received. If the name is not specified, events are received for all subjects on the key. |
| activity | String | No | If specified, only events with this activity will be in the response. |
| from | String | No | From the date/time events are received (format yyyy-MM-dd HH:mm:ss, e.g. 2022-10-01 12:05:00). If it's not specified - events are received from yesterday. |
| to | String | No | To the date/time events are received (format yyyy-MM-dd HH:mm:ss, e.g. 2022-10-01 12:15:00). If it's not specified - events are received up to now. |
| limit | Integer | No | Max number of events in one request. Can't be more than 20000. By default is 10. |
| offset | Integer | No | Allows to skip the offset events before beginning to return the events. By default is 0. |
Response body contains a JSON payload with a list of events. For example:
Copy
{
"items": [
{
"ts": "2022-10-06 08:23:28.715",
"clientId": "sample_key",
"activity": "subject:loggedIn:dashboard:success",
"subjectName": "[email protected]",
"ip": "5.64.19.63",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/106.0.0.0 Safari/537.36 Edg/106.0.1370.34",
"xClientId": "dashboard",
"correlationId": "req-7ae0a875-1d06-1234-b266-8fe2a24f22fa",
"applicantId": "",
"externalUserId": "",
"imageId": "",
"description": ""
},
{
"ts": "2022-10-05 06:37:58.858",
"clientId": "sample_key",
"activity": "subject:loaded:applicantList",
"subjectName": "[email protected]",
"ip": "46.109.67.83",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/105.0.0.0 Safari/537.36",
"xClientId": "dashboard",
"correlationId": "req-afea91b7-21e7-1234-98fb-ebe4d2867df6",
"applicantId": "",
"externalUserId": "",
"imageId": "",
"description": "cnt=10"
}
],
"totalItems": 2
}
# Event fields
| Name | Type | Optional | Description |
|---|---|---|---|
| ts | String | No | Date/time. |
| clientId | String | No | Key. |
| activity | String | No | Event type. |
| subjectName | String | No | The subject who has executed an action. |
| ip | String | No | IP from which an event was detected. |
| userAgent | String | Yes | userAgent from which an event was detected. |
| xClientId | String | Yes | API / dashboard / SDK. |
| correlationId | String | No | Internal id for investigation nearby requests. |
| applicantId | String | Yes | An applicant ID. |
| externalUserId | String | Yes | An applicant ID on the client side. |
| imageId | String | Yes | A document id. |
| description | String | Yes | Some additional information. |
# Possible event types:
| Name | Description |
|---|---|
| subject:loggedIn:dashboard:success | Successful login. |
| subject:loggedIn:dashboard:failure | Failed login. |
| subject:loggedOut:dashboard | Logout. |
| subject:loaded:applicant | Loading an applicant. |
| subject:loaded:applicantList | Loading an applicant list. |
| subject:exported:applicantCsvList | Downloading list of applicants in csv format. |
| subject:downloaded:docImage | Downloading a doc from an applicant. |
| subject:changed:applicant | Changing an applicant. |