Audit Logs
Every scan is recorded in the audit log with its tier, action, signals, and metadata. Use audit logs for compliance reporting, debugging, and monitoring. Full prompts are never stored by default. Audit logs include a truncated preview (first 120 characters) and scan metadata.
Plan requirement: Audit log retention varies by plan — Trial retains 7 days, Pro and Starter retain 30 days, Education and Professional retain 365 days, and Enterprise retains indefinitely. Personal plans do not include audit log access.
GET
/v1/auditQuery audit logs with pagination and filtering.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
limit | number | No | Max results to return (default: 50, max: 100) |
offset | number | No | Number of results to skip (default: 0) |
tier | "green" | "yellow" | "red" | No | Filter by risk tier |
from | string | No | Start date filter (ISO 8601 datetime) |
to | string | No | End date filter (ISO 8601 datetime) |
Response
200 OK
{
"logs": [
{
"id": "uuid",
"tier": "red",
"action": "block",
"risk_score": 85,
"signals": [
{ "domain": "pii", "type": "ssn", "confidence": 0.98, "weight": 50 }
],
"active_domains": ["pii", "education", "cultural", "reidentification", "injection"],
"latency_ms": 8,
"api_key_id": "uuid",
"requesting_ip": "203.0.113.42",
"prompt_preview": "Tell me about the traditional healing practices used by...",
"created_at": "2026-01-20T14:30:00Z"
}
],
"total": 342,
"limit": 50,
"offset": 0
}Response Fields
| Parameter | Type | Required | Description |
|---|---|---|---|
logs | AuditEntry[] | Yes | Array of audit log entries |
total | number | Yes | Total matching entries (for pagination) |
limit | number | Yes | Applied limit |
offset | number | Yes | Applied offset |
Audit Entry Fields
| Parameter | Type | Required | Description |
|---|---|---|---|
id | string | Yes | Unique audit log entry ID |
tier | "green" | "yellow" | "red" | Yes | Risk classification tier |
action | "allow" | "warn" | "block" | Yes | Action taken on the scan |
risk_score | number | Yes | Numerical risk score (0-100) |
signals | Signal[] | Yes | Array of detected signals with domain, type, confidence, and weight |
prompt_preview | string | null | No | Truncated prompt preview (first 120 characters). Null if not available. |
active_domains | string[] | Yes | Detection domains that were active during the scan |
latency_ms | number | Yes | Scan processing time in milliseconds |
created_at | string | Yes | ISO 8601 timestamp of the scan |
GET
/v1/audit/:idGet a single audit log entry by ID.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | string | Yes | The audit log entry ID |
Single Entry Response
200 OK
{
"log": {
"id": "uuid",
"tier": "yellow",
"action": "flag",
"risk_score": 45,
"signals": [
{ "domain": "cultural", "type": "ceremony_reference", "confidence": 0.85, "weight": 40 }
],
"active_domains": ["pii", "education", "cultural", "reidentification", "injection"],
"latency_ms": 6,
"api_key_id": "uuid",
"requesting_ip": "198.51.100.7",
"created_at": "2026-01-19T09:15:00Z"
}
}Pagination
Use offset and limit to page through results. The total field tells you how many entries match your filters.
Example: Page 2
GET /v1/audit?limit=50&offset=50
// Returns entries 51-100, with total count for navigationExamples
SDK
// Get recent red-tier events
const { logs, total } = await armor.listAuditLogs({
tier: 'red',
limit: 10,
});
console.log(`${total} red-tier events total`);
// Get a single audit entry
const entry = await armor.getAuditLog(logs[0].id);
console.log(entry.signals);cURL
# Get red-tier logs from the last week
curl "https://indigiarmor.com/v1/audit?tier=red&from=2026-02-18T00:00:00Z&limit=20" \
-H "Authorization: Bearer ia_sk_..."