get https://api.sumsub.com/resources/auditTrailEvents/
Overview
The audit trail events method allows you to track and investigate actions that your employees perform in the Sumsub Dashboard. It can be used to monitor team activity, ensure compliance, and detect suspicious operations. This method is particularly useful when you need a detailed activity log for a specific employee, for example, during internal reviews or regulatory audits.
You can access audit trail data in the following ways:
- API request — supports the complete set of event types, covering activities such as logins, applicant management actions, data downloads, exports, and more. You can filter results by employee, action type, and time range using Query Params when making a request. To understand how to interpret the API response, refer to the Response explained section.
- Dashboard — provides access to a limited activity log on the Team → Activity log page, showing team and permission management actions, such as creating or updating accounts, changing roles, and so on. You can filter results by date range and action type directly on the page. All other event types can only be provided through the API request.
Attention
This feature is available at an additional cost. Contact us to learn more.
Note
- Events are always sorted by
tsin a descending order.- The maximum number of events per request is 20000.
Response explained
The HTTP status 200 in the response confirms the availability of our API:
| Name | Type | Optional | Description |
|---|---|---|---|
ts | String | No | Date/time. |
clientId | String | No | Client key. |
activity | String | No | Event type. |
subjectName | String | No | Subject that executed the action. |
ip | String | No | IP from which the event was detected. |
userAgent | String | Yes | User agent from which the event was detected. |
xClientId | String | Yes | API / Dashboard / SDK. |
correlationId | String | No | Internal ID for investigating requests. |
applicantId | String | Yes | Unique applicant identifier. |
externalUserId | String | Yes | Unique applicant identifier on the client side. |
imageId | String | Yes | Unique document identifier. |
description | String | Yes | Additional information. |
Event types
| Name | Description |
|---|---|
subject:loggedIn:dashboard:success | User successfully logged in to the Dashboard. |
subject:loggedIn:dashboard:failure | User failed to log in to the Dashboard. |
subject:loggedOut:dashboard | User logged out of the Dashboard. |
subject:changed:applicant | User changed the applicant profile. |
subject:loaded:applicant | User loaded an applicant page in the Dashboard. |
subject:loaded:applicantList | User loaded a page with a list of applicants in the Dashboard. Also can be an applicant page if cnt=1. |
subject:exported:applicantCsvList | User exported the applicant list under filters as CSV. |
subject:exported:applicantActionCsvList | User exported a list of applicant actions under filters as CSV. |
subject:downloaded:docImage | User downloaded the image on the applicant page (by manually clicking the Download button only). There are other ways to download the image without triggering this event. |
subject:changed:applicantLevel | User changed the applicant level settings. For example, created a new level, or deleted the existing one, changed the steps, and so on. |
subject:changed:questionnaire | User changed the questionnaire settings. For example, added a new question or deleted the existing one. |
subject:changed:globalSettings | User changed the global settings. For example, recognition settings or allowed duplicates. |
subject:changed:flow | User changed the flow settings. For example, added, updated, or deleted any flow in the UI in: Integrations -> Customizations. |
subject:changed:licenseKey | User changed license key. For example, created, updated, or deleted the license key in the UI in: Integrations -> Global Settings -> Source Keys. |
subject:changed:poaStepSettings | User changed the PoA step settings. For example, created, updated, or deleted settings in the UI in: Integrations -> Global Settings -> User verification -> Proof of Address. |
subject:changed:dictionary | User changed one of the dictionaries (MobileSDK, WebSDK, Common etc.). For example, created or updated dictionary in the UI in: Integrations -> SDK Translations. |
subject:changed:paymentMethodDefinitions | User changed payment methods settings. For example, created, updated, or deleted one of the payment method definitions in the UI in: Integrations -> Payment methods. |
subject:modified:workflowRevision | User changed the workflow revision in the UI in: Integrations -> Applicant workflows. |
subject:published:workflowRevision | User published the workflow revision in the UI in: Integrations -> Applicant workflows. |
subject:archived:workflowRevision | User archived the workflow revision in the UI in: Integrations -> Applicant workflows. |
subject:changed:autoCheck | User changed auto check settings. For example, created, updated or deleted auto check in the UI in: Admin Area -> Auto-checks. |
subject:created:appToken | User created an app token in the UI in: Dev space -> App tokens. |
subject:deleted:appToken | User deleted app token in the UI in: Dev space -> App tokens. |
subject:modified:user | Modify parameters for the user. |
subject:deleted:user | Delete user. |
subject:reset:password | Password has been reset via the Dashboard or link. |
subject:modified:2fa | Modify 2-factor authentication key into the system. |
subject:downloaded:report | User downloaded the report. |