Auditor export
Date-bounded JSONL or JSON dump of events for compliance auditors.
Endpoint
GET /api/v1/events/export
Streams the authenticated organization's events for a date range as newline-delimited JSON (JSONL by default) or a JSON array. Designed for compliance auditors who need a record without needing direct database / BigQuery access.
Query parameters
| Name | Required | Type | Default | Notes |
|---|---|---|---|---|
| start | yes | ISO datetime | — | Lower bound, inclusive |
| end | yes | ISO datetime | — | Upper bound, inclusive. Must be after start |
| format | no | jsonl \| json | jsonl | JSONL = one event per line; JSON = single array |
| include_payload | no | boolean | false | Off for PII safety; pass true to include raw request/response body |
The window cannot exceed 366 days. Larger requests return 400. For multi-year exports, paginate
by issuing multiple calls.
Response
JSONL is streamed in 500-row partitions, ordered by event timestamp ascending. Each line is the
same shape returned by GET /api/v1/events/{id} (token counts, cost, model, provider, request_id,
session_id, team_id, feature, etc.) with payload set to null unless include_payload=true.
Content type: application/x-ndjson for JSONL, application/json for the array variant.
Example
curl -H "Authorization: Bearer $TOKEN" \
"https://token-api.audit.id/api/v1/events/export?start=2026-04-01T00:00:00Z&end=2026-05-01T00:00:00Z" \
-o events-april.jsonl
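For a multi-year audit, the 366-day limit means splitting the range into several calls. Because both start and end are inclusive, adjacent windows share a boundary instant and an event stamped exactly there can come back twice. The sketch below is an added example, not code from this API's project; the function names are hypothetical, and the de-duplication assumes a repeated event serializes to a byte-identical JSONL line.

```python
import hashlib
import urllib.parse
import urllib.request
from datetime import timedelta, timezone

BASE = "https://token-api.audit.id/api/v1/events/export"  # host from the curl example
MAX_WINDOW = timedelta(days=366)  # documented limit; larger windows return 400
FMT = "%Y-%m-%dT%H:%M:%SZ"


def windows(start, end, step=MAX_WINDOW):
    """Split [start, end] into consecutive windows no longer than `step`."""
    if end <= start:
        raise ValueError("end must be after start")
    out, lo = [], start
    while lo < end:
        hi = min(lo + step, end)
        out.append((lo, hi))
        lo = hi  # inclusive bounds: the next window starts on this same instant
    return out


def export_url(lo, hi, base=BASE):
    """Build the JSONL export URL for one window (timezone-aware datetimes)."""
    q = {"start": lo.astimezone(timezone.utc).strftime(FMT),
         "end": hi.astimezone(timezone.utc).strftime(FMT)}
    return base + "?" + urllib.parse.urlencode(q, safe=":")


def merge_dedup(chunks):
    """Yield lines window by window, dropping exact repeats (assumption above)."""
    seen = set()
    for chunk in chunks:
        for line in chunk:
            line = line.rstrip("\r\n")
            digest = hashlib.sha256(line.encode("utf-8")).digest()
            if line and digest not in seen:
                seen.add(digest)
                yield line


def fetch(url, token):
    """Stream one window's JSONL lines over the network (not run offline)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        for raw in resp:
            yield raw.decode("utf-8")
```

Feeding `merge_dedup(fetch(export_url(lo, hi), token) for lo, hi in windows(start, end))` into a file keeps the merged export in ascending timestamp order, since each window is already sorted and the windows are issued in order.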
Auditor handoff pattern
Provision a separate API key with read-only scope, share it with the auditor for the duration of the audit, and rotate it afterwards. The export endpoint is rate-limited like the rest of the API and scoped to the requesting organization — no cross-org leakage possible.