Dashboard Get started

Endpoint

GET /api/v1/events/export

Streams the authenticated organization's events for a date range as newline-delimited JSON (JSONL by default) or a JSON array. Designed for compliance auditors who need a record without needing direct database / BigQuery access.

Query parameters

Name Required Type Default Notes
start yes ISO datetime Lower bound, inclusive
end yes ISO datetime Upper bound, inclusive. Must be after start
format no jsonl | json jsonl JSONL = one event per line; JSON = single array
include_payload no boolean false Off for PII safety; pass true to include raw request/response body

The window cannot exceed 366 days. Larger requests return 400. For multi-year exports, paginate by issuing multiple calls.

Response

JSONL is streamed in 500-row partitions, ordered by event timestamp ascending. Each line is the same shape returned by GET /api/v1/events/{id} (token counts, cost, model, provider, request_id, session_id, team_id, feature, etc.) with payload set to null unless include_payload=true.

Content type: application/x-ndjson for JSONL, application/json for the array variant.

Example

curl -H "Authorization: Bearer $TOKEN" \
  "https://token-api.audit.id/api/v1/events/export?start=2026-04-01T00:00:00Z&end=2026-05-01T00:00:00Z" \
  -o events-april.jsonl

Auditor handoff pattern

Provision a separate API key with read-only scope, share it with the auditor for the duration of the audit, and rotate it afterwards. The export endpoint is rate-limited like the rest of the API and scoped to the requesting organization — no cross-org leakage possible.