Overview

The Audit Trails endpoint allows you to retrieve a complete, chronological history of every action performed on a specific document.

This includes signer activity, delivery status, status changes, OTP events, in-person signing actions, and system-generated logs.

Audit trails are essential for:

Compliance
Troubleshooting
Understanding how a document progressed through the signing workflow

Get the Audit Trail for a Document

Returns a list of audit trail entries for the specified document or document pack.

Endpoint:

GET /v1/audit_trail/<document_pack_key_or_child_document_key>

Note: You may pass either a document pack key or a child document key.

Child document key: returns audit entries for that specific document only.

Document pack key: returns audit entries for the pack level; not all child document actions are included.

Optional Query Parameters

Parameter	Description
page_size	Number of audit entries to return per request. Default: 100
cursor	Cursor returned from a previous request for pagination
obfuscate_contact_info	Boolean (`true`/`false`). Masks email addresses and mobile numbers in both `audit_detail` and `audit_detail_formatted`.

Audit Trail Entry Structure

Fields Explained

audit_detail

A human-readable description explaining what occurred.

Example:

Email has been received by [email protected] mail server

audit_detail_formatted

A formatted version of the audit entry that includes:

Timestamp (in the workspace's default timezone)
Audit entry type
Additional metadata such as IP address or contact information

audit_entry_type

A machine-readable identifier describing the type of event.

Examples include:

user_signed
signature_request_sent
email_tracking_info
sms_sent
document_completed
whatsapp_delivered
entered_correct_otp

For the full list of available values, see:

Audit Entry Types

date_created

The timestamp representing when the event occurred.

This value is returned as a floating-point number representing ticks/milliseconds since the Unix epoch.

document_pack_key

The key of the document pack associated with the audit entry.

email_address

The email address related to the audit event (if applicable).

mobile_number

The mobile number related to the audit event (if applicable).

ip_address

The IP address from which the request originated.

For user actions this will typically be the user’s device IP address. For system-generated events (such as email delivery tracking), this may represent server infrastructure.

user_key

The internal key of the user who performed the action.

This may be null for system-generated events.

user_name

The name of the user who performed the action.

key

Unique identifier for the audit trail entry.

Example Response

{
  "data": {
    "audit_trail": [
      {
        "audit_detail": "Email has been received by [email protected] mail server",
        "audit_detail_formatted": "31/03/2026 11:51:24 SAST+0200 email_tracking_info: Email has been received by [email protected] mail server 149.00.000.000",
        "audit_entry_type": "email_tracking_info",
        "date_created": 1774950684000,
        "document_key": "agF3kLm9PqR2sT8uVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZa",
        "email_address": "[email protected]",
	"ip_address": "149.00.000.000",
	"key": "agQ9wT1MzRaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqR",
        "mobile_number": "",
        "user_key": null,
        "user_name": null
      },
      {
        "audit_detail": "Signature request sent to: [email protected] (Joe)",
        "audit_detail_formatted": "31/03/2026 11:51:11 SAST+0200 signature_request_sent: Signature request sent to: [email protected] (Joe)",
        "audit_entry_type": "signature_request_sent",
        "date_created": 1774950671598,
        "document_key": "agF3kLm9PqR2sT8uVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZa",
        "email_address": "[email protected]",
	"ip_address": "102.00.00.00",
	"key": "agZ8yX2AbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQrStUvWxYzAbCdEfGhIjKlMnOpQr"
        "mobile_number": "",
        "user_key": "agX5nB7kLpQ2rStUvWxYzA1bC2dE3fG4hI5jK6lM7nO8p",
        "user_name": "Joe"
      }
    ]
  },
  "status": {
    "status_code": 200
  },
  "pagination": {
    "next": "[link_to_next_page]"
  }
}

Notes

Pagination

If a document has many audit events, the API paginates results using page_size and cursor.
To retrieve additional results, pass the cursor from the previous response.
Maximum page_size is typically 100.
pagination.next provides a link for the next page.

Obfuscation

Use obfuscate_contact_info=true when displaying audit trails to external users. This masks email addresses and mobile numbers:

[email protected] → exa***@example.com
+27000000000 → +27*********

Timezone Handling

audit_detail_formatted includes timestamps formatted using the workspace's default timezone.
date_created always contains the raw numeric timestamp (milliseconds since Unix epoch).

Quick Curl Example

curl -X GET "https://sandboxapi.quicklysign.com/v1/audit_trail/agF3kLm9PqR2sT8uVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZa" \
  -H "Authorization: Bearer YOUR_API_KEY"

Common gotchas when using the Audit Trail endpoint:

Child vs Document Pack Keys: Child documents track their own actions. Document packs track pack-level actions only. Don’t assume pack includes all child events.
Timestamps: date_created is always in milliseconds since Unix epoch. Decimals can be ignored.
Null & Empty Fields:
- user_key / user_name may be null for system events
- ip_address is never null, but may be empty ("")
Obfuscation: If obfuscate_contact_info=true, emails and mobile numbers are masked in both audit_detail and audit_detail_formatted
Audit Entry Types: New types may be added in the future. Avoid hardcoding all possible values