Get audit trail events

Overview

The audit trail events method allows you to track and investigate actions that your employees perform in the Sumsub Dashboard. It can be used to monitor team activity, ensure compliance, and detect suspicious operations. This method is particularly useful when you need a detailed activity log for a specific employee, for example, during internal reviews or regulatory audits.

You can access audit trail data in the following ways:

  • API request — supports the complete set of event types, covering activities such as logins, applicant management actions, data downloads, exports, and more. You can filter results by employee, action type, and time range using Query Params when making a request. To understand how to interpret the API response, refer to the Response explained section.
  • Dashboard — provides access to a limited activity log on the Team → Activity log page, showing team and permission management actions, such as creating or updating accounts, changing roles, and so on. You can filter results by date range and action type directly on the page. All other event types can only be provided through the API request.

🚧

Attention

This feature is available at an additional cost. Contact us to learn more.

📘

Note

  • Events are always sorted by ts in a descending order.
  • The maximum number of events per request is 20000.

Response explained

The HTTP status 200 in the response confirms the availability of our API:

NameTypeOptionalDescription
tsStringNoDate/time.
clientIdStringNoClient key.
activityStringNoEvent type.
subjectNameStringNoSubject that executed the action.
ipStringNoIP from which the event was detected.
userAgentStringYesUser agent from which the event was detected.
xClientIdStringYesAPI / Dashboard / SDK.
correlationIdStringNoInternal ID for investigating requests.
applicantIdStringYesUnique applicant identifier.
externalUserIdStringYesUnique applicant identifier on the client side.
imageIdStringYesUnique document identifier.
descriptionStringYesAdditional information.

Event types

NameDescription
subject:loggedIn:dashboard:successUser successfully logged in to the Dashboard.
subject:loggedIn:dashboard:failureUser failed to log in to the Dashboard.
subject:loggedOut:dashboardUser logged out of the Dashboard.
subject:changed:applicantUser changed the applicant profile.
subject:loaded:applicantUser loaded an applicant page in the Dashboard.
subject:loaded:applicantListUser loaded a page with a list of applicants in the Dashboard. Also can be an applicant page if cnt=1.
subject:exported:applicantCsvListUser exported the applicant list under filters as CSV.
subject:exported:applicantActionCsvListUser exported a list of applicant actions under filters as CSV.
subject:downloaded:docImageUser downloaded the image on the applicant page (by manually clicking the Download button only). There are other ways to download the image without triggering this event.
subject:changed:applicantLevelUser changed the applicant level settings. For example, created a new level, or deleted the existing one, changed the steps, and so on.
subject:changed:questionnaireUser changed the questionnaire settings. For example, added a new question or deleted the existing one.
subject:changed:globalSettingsUser changed the global settings. For example, recognition settings or allowed duplicates.
subject:changed:flowUser changed the flow settings. For example, added, updated, or deleted any flow in the UI in: Integrations -> Customizations.
subject:changed:licenseKeyUser changed license key. For example, created, updated, or deleted the license key in the UI in: Integrations -> Global Settings -> Source Keys.
subject:changed:poaStepSettingsUser changed the PoA step settings. For example, created, updated, or deleted settings in the UI in: Integrations -> Global Settings -> User verification -> Proof of Address.
subject:changed:dictionaryUser changed one of the dictionaries (MobileSDK, WebSDK, Common etc.). For example, created or updated dictionary in the UI in: Integrations -> SDK Translations.
subject:changed:paymentMethodDefinitionsUser changed payment methods settings. For example, created, updated, or deleted one of the payment method definitions in the UI in: Integrations -> Payment methods.
subject:modified:workflowRevisionUser changed the workflow revision in the UI in: Integrations -> Applicant workflows.
subject:published:workflowRevisionUser published the workflow revision in the UI in: Integrations -> Applicant workflows.
subject:archived:workflowRevisionUser archived the workflow revision in the UI in: Integrations -> Applicant workflows.
subject:changed:autoCheckUser changed auto check settings. For example, created, updated or deleted auto check in the UI in: Admin Area -> Auto-checks.
subject:created:appTokenUser created an app token in the UI in: Dev space -> App tokens.
subject:deleted:appTokenUser deleted app token in the UI in: Dev space -> App tokens.
subject:modified:userModify parameters for the user.
subject:deleted:userDelete user.
subject:reset:passwordPassword has been reset via the Dashboard or link.
subject:modified:2faModify 2-factor authentication key into the system.
subject:downloaded:reportUser downloaded the report.
Language
Credentials
Header
Click Try It! to start a request and see the response here!