List Audit Events - Theo API Docs

GET

api

audit

List Audit Events

curl --request GET \
  --url https://api.example.com/api/v1/audit

{
  "id": "<string>",
  "action": "<string>",
  "entityType": "<string>",
  "entityId": "<string>",
  "userId": "<string>",
  "timestamp": "<string>",
  "inputSummary": {},
  "outputSummary": {}
}

Query the immutable audit trail. Every API action (completions, skill installs, key operations, etc.) is logged with full context.

Authentication

Requires a Bearer token. See Authentication.

Request Example

curl https://www.hitheo.ai/api/v1/audit \
  -H "Authorization: Bearer $THEO_API_KEY"

Response

Returns an array of audit event objects. Each event includes:

string

Event ID.

action

string

Action performed (e.g., "completion.created", "skill.installed", "key.created").

entityType

string

Type of entity affected (e.g., "completion", "skill", "api_key").

entityId

string

ID of the affected entity.

userId

string

User who performed the action.

timestamp

string

ISO 8601 timestamp.

inputSummary

object

Summary of the request input.

outputSummary

object

Summary of the response output.

Audit events are stored in a tamper-evident, append-only log. They cannot be modified or deleted.

Endpoint

GET /api/v1/audit Requires authentication via Bearer token. See Authentication.

Key Skill Binding

Export Audit Log (CSV)

⌘I

List Audit Events

curl --request GET \
  --url https://api.example.com/api/v1/audit

{
  "id": "<string>",
  "action": "<string>",
  "entityType": "<string>",
  "entityId": "<string>",
  "userId": "<string>",
  "timestamp": "<string>",
  "inputSummary": {},
  "outputSummary": {}
}

​Authentication

​Request Example

​Response

​Endpoint

Authentication

Request Example

Response

Endpoint