API · POST
POST /v1/audit/query
Query the audit trail — workflows, agents, tool calls, approvals.
Overview
POST /v1/audit/query
Queries the tamper-evident audit store. Supports filtering by workflow, agent, user, tool, time range and audit class. Designed for compliance, security and customer-support investigations.
All xyner API calls require an OAuth2 bearer token with the appropriate scope. Every request is identity-bound and audit-captured.
Request
Example request
{
"filters": {
"audit_class": "claims",
"from": "2026-04-01T00:00:00Z",
"to": "2026-04-12T23:59:59Z",
"user": "usr_01HQX"
},
"include": ["reasoning", "tool_calls", "approvals"],
"page_size": 50
}
Response
Example response
A successful response has shape:
{
"records": [
{
"id": "aud_01H8Z",
"workflow_id": "wf_01H8Z",
"agent": "claims-triage-agent",
"step": 3,
"action": "route_to_queue",
"input_hash": "sha256:9f8c7b6a...",
"output_hash": "sha256:1e2d3c4b...",
"policy_decision": "allow",
"duration_ms": 142,
"occurred_at": "2026-04-12T09:14:25Z"
}
],
"next_cursor": "cur_01H8Z..."
}
Notes
Things worth knowing
Useful behavioural details for this endpoint.
- All endpoints support OpenTelemetry trace-context propagation via standard W3C headers.
- Idempotency keys are honoured for 24 hours (or longer for endpoints that explicitly support extended idempotency).
- Errors follow RFC 7807 problem+json with a stable error code in
type. - Every successful action produces one or more audit records, queryable via /v1/audit/query.
- Rate limits apply per-tenant; current limits are returned in
X-RateLimit-*response headers.
See also
Related endpoints and concepts
This endpoint is part of the broader xyner platform API. For an end-to-end view, see the platform overview and the documentation hub.
Get started
Ready to put autonomous agents to work?
See xyner in your environment with a guided executive demo.