> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fact0.io/llms.txt
> Use this file to discover all available pages before exploring further.

# List audit events



## OpenAPI

````yaml /openapi/audit.v1.yaml get /v1/events
openapi: 3.1.0
info:
  title: Fact0 Audit API
  version: 1.0.0
  description: >
    Compliance-grade universal fact layer with tamper-evident audit log API.
    Events form a per-tenant SHA-256 hash chain.


    **Authentication:** `Authorization: Bearer f0_live_*` or `alk_live_*` API
    keys (write or read scope).


    **Async ingest (default):** POST ingest endpoints return `202 Accepted` with
    a `receipt_id`.

    Poll `GET /v1/receipts/{id}` until `status` is `committed` or `failed`.

    Force synchronous ingest with header `X-Fact0-Sync: true`  or query
    `?sync=true`.
servers:
  - url: https://api.fact0.io
    description: Fact0 Cloud
security:
  - apiKey: []
tags:
  - name: Ingest
  - name: Query
  - name: Verify
  - name: Export
  - name: Chain
  - name: Stream
  - name: Share
paths:
  /v1/events:
    get:
      tags:
        - Query
      summary: List audit events
      operationId: listEvents
      parameters:
        - name: actor_id
          in: query
          schema:
            type: string
        - name: actor_type
          in: query
          schema:
            type: string
            enum:
              - human
              - agent
              - system
        - name: action
          in: query
          schema:
            type: string
        - name: resource_id
          in: query
          schema:
            type: string
        - name: outcome
          in: query
          schema:
            type: string
            enum:
              - success
              - failure
              - error
        - name: from
          in: query
          description: RFC3339 UTC lower bound
          schema:
            type: string
            format: date-time
        - name: to
          in: query
          description: RFC3339 UTC upper bound
          schema:
            type: string
            format: date-time
        - name: page
          in: query
          schema:
            type: integer
            default: 1
        - name: page_size
          in: query
          schema:
            type: integer
            default: 50
            maximum: 1000
      responses:
        '200':
          description: Paginated event list
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EventListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    EventListResponse:
      type: object
      properties:
        events:
          type: array
          items:
            $ref: '#/components/schemas/AuditEvent'
        total:
          type: integer
        page:
          type: integer
        page_size:
          type: integer
    AuditEvent:
      allOf:
        - $ref: '#/components/schemas/AuditEventInput'
        - type: object
          properties:
            tenant_id:
              type: string
            prev_hash:
              type: string
            hash:
              type: string
            sequence_number:
              type: integer
              format: int64
            created_at:
              type: string
              format: date-time
    ErrorResponse:
      type: object
      properties:
        error:
          oneOf:
            - type: string
            - type: object
              properties:
                code:
                  type: string
                message:
                  type: string
    AuditEventInput:
      type: object
      required:
        - actor
        - action
        - resource
        - outcome
      properties:
        id:
          type: string
        timestamp:
          type: string
          format: date-time
        actor:
          $ref: '#/components/schemas/Actor'
        action:
          type: string
          description: Dot-notation action name (e.g. document.delete)
        resource:
          $ref: '#/components/schemas/Resource'
        outcome:
          type: string
          enum:
            - success
            - failure
            - error
        metadata:
          type: object
          additionalProperties: true
    Actor:
      type: object
      required:
        - id
        - type
      properties:
        id:
          type: string
        type:
          type: string
          enum:
            - human
            - agent
            - system
        email:
          type: string
    Resource:
      type: object
      required:
        - id
        - type
      properties:
        id:
          type: string
        type:
          type: string
        name:
          type: string
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Missing or invalid API key
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    apiKey:
      type: http
      scheme: bearer
      description: API key prefixed with `alk_live_`. Write scope required for ingest.

````