Retrieve Audit Events

The Retrieve Audit Events endpoint returns the audit log for a specific container.

Audit events provide a complete record of container activity, including successful access, denied access, policy updates, and deletion.

Endpoint

GET /users/{user_id}/containers/{container_id}/events

Base URL:

https://share.locktera.com/api/v1

Full request URL example:

https://share.locktera.com/api/v1/users/USER_ID/containers/CONTAINER_ID/events

Authentication

All requests must include a valid API key in the Authorization header.

Example request:

curl -X GET $BASE_URL/users/USER_ID/containers/CONTAINER_ID/events \
  -H "Authorization: Bearer YOUR_API_KEY"

Authentication and authorization are verified before audit records are returned.

Path Parameters

container_id
Required. The unique identifier of the container.

Example:

123e4567-e89b-12d3-a456-426614174000

Example Success Response

[
  {
    "org_id": "123e4567-e89b-12d3-a456-426614174000",
    "container_id": "123e4567-e89b-12d3-a456-426614174001",
    "ts": "2025-01-01T00:00:00Z",
    "user": "user@company.com",
    "action": "container.create",
    "detail": { ... }
  },
  {
    "org_id": "123e4567-e89b-12d3-a456-426614174000",
    "container_id": "123e4567-e89b-12d3-a456-426614174001",
    "ts": "2025-01-01T01:00:00Z",
    "user": "viewer@example.com",
    "action": "container.load",
    "detail": { ... }
  },
  {
    "org_id": "123e4567-e89b-12d3-a456-426614174000",
    "container_id": "123e4567-e89b-12d3-a456-426614174001",
    "ts": "2025-01-01T01:00:00Z",
    "user": "viewer@example.com",
    "action": "object.load",
    "detail": { ... }
  }
] 

Event Fields

Each audit event includes:

org_id
Unique identifier for the container's creating user.

container_id

Unique identifier of the container.

ts

ISO8601 timestamp when the event occurred.

user

Email address of the viewer who performed the action.

action

The action that occurred.

detail

Structured detail about the action that occurred. What data is present will depend on the type of action.

Example Error Responses

HTTP 404 Not Found

{
  "error": "not_found",
  "message": "Container not found"
}

HTTP 401 Unauthorized

{
  "error": "unauthorized",
  "message": "Invalid API key"
}

HTTP 403 Forbidden

{
  "error": "access_denied",
  "message": "You do not have permission to view audit events for this container"
}

What Is Logged

Audit events are created when:

• A container is created
• A container is decoded
• A decode attempt is denied
• DRM policies are updated
• A container is deleted

Audit logging cannot be disabled.

Important Notes

• Audit events include both successful and denied operations
• Audit logs are immutable and cannot be modified through the API.
• Audit logs are accessible only to authorized users
• Audit logs support compliance, monitoring, and forensic analysis

Audit events are cryptographically associated with container operations.

Get Container Metadata

GET /users/{user_id}/containers/{container_id}

Retrieve DRM Policy

GET /users/{user_id}/containers/{container_id}/drm

Decode Container Manifest

GET /users/{user_id}/containers/{container_id}/decode