Oris Docs

Audit

GET /api/v1/oris/audit/alerts/subscriptions

List webhook subscriptions for the bound tenant

List subscriptions for the regulator's bound tenant. HMAC secrets are NEVER returned on this surface.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Responses

Status | Description
200 | Successful Response

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/alerts/subscriptions' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

POST /api/v1/oris/audit/alerts/subscriptions

Register a webhook subscription (returns HMAC secret ONCE)

Create a new webhook subscription. The server generates a fresh 32-byte HMAC-SHA256 secret and returns its hex on this response ONLY — subsequent GETs redact it. The caller MUST persist the secret on their side; we cannot re-issue it (subscription delete + re-create regenerates a new one).

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Request body

application/json, schema: AlertSubscriptionCreateRequest

Responses

Status | Description
201 | Successful Response
422 | Validation Error

Example request

curl -X POST 'https://api.useoris.xyz/api/v1/oris/audit/alerts/subscriptions' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)" \
  -H 'Content-Type: application/json' \
  -d '{...}'
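
A receiver-side check for deliveries signed with the secret this endpoint returns, as an added example that is not part of the Oris documentation. It assumes the signature is HMAC-SHA256 over the raw request body, sent as hex in a signature header, and that the key is the 32 decoded bytes of the hex secret; the function names and sample values are constructed.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample secret (NOT a real credential): 32 bytes, hex-encoded,
# in the shape the create response is described as returning.
SAMPLE_SECRET_HEX = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"


def load_secret(secret_hex: str) -> bytes:
    """Decode the persisted hex secret and insist on exactly 32 bytes."""
    secret_hex = secret_hex.strip()
    if len(secret_hex) != 64:
        raise ValueError("expected 64 hex characters (32-byte secret)")
    return bytes.fromhex(secret_hex)  # ValueError on non-hex characters


def sign(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 over the raw body bytes, lowercase hex (assumed encoding)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_delivery(secret: bytes, raw_body: bytes,
                    signature_hex: Optional[str]) -> bool:
    """Return True only if the received signature matches the body.

    signature_hex is the value of a signature header on the delivery; the
    header's name and format are assumptions, not taken from the Oris docs.
    """
    if not signature_hex:
        return False  # unsigned deliveries are rejected, never trusted
    expected = sign(secret, raw_body).encode("ascii")
    received = signature_hex.strip().lower().encode("utf-8")
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    key = load_secret(SAMPLE_SECRET_HEX)
    body = b'{"alert":"constructed-example"}'  # constructed payload
    sig = sign(key, body)
    print(verify_delivery(key, body, sig))         # genuine delivery
    print(verify_delivery(key, body + b" ", sig))  # body altered in transit
```

Verify against the exact bytes received on the wire, before any JSON parsing or re-serialisation, since re-encoding the body changes the digest.
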
DELETE /api/v1/oris/audit/alerts/subscriptions/{subscription_id}

Disable a subscription (soft delete; row retained for audit)

Soft delete via ``status='disabled'``. The row stays in the table forever (audit trail of who-subscribed-when); the dispatcher refuses to fire against non-active subscriptions.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Path parameters

Name | Type | Required | Description
subscription_id | string | Yes |

Responses

Status | Description
200 | Successful Response
422 | Validation Error

Example request

curl -X DELETE 'https://api.useoris.xyz/api/v1/oris/audit/alerts/subscriptions/{subscription_id}' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

GET /api/v1/oris/audit/anchor/latest

Current on-chain L7 audit-log anchor state

Read-through to ``OrisAuditLogRegistry.latestEpoch()`` + ``latestRoot()`` + ``latestEntryCount()`` + ``paused()``.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Responses

Status | Description
200 | Successful Response

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/anchor/latest' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

GET /api/v1/oris/audit/bundles

List audit-log entries

bound tenant.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Query parameters

Name | Type | Required | Description
limit | integer | No |
offset | integer | No |
agent_id | string | No |
sar_flag | string | No |
bundle_created_after | string | No |
bundle_created_before | string | No |

Responses

Status | Description
200 | Successful Response
422 | Validation Error

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/bundles' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

GET /api/v1/oris/audit/bundles/{bundle_id_evm_hex}

Single audit-log entry + merkle inclusion proof

Single row + (when committed on-chain) merkle inclusion proof is identical to the L4 batched-anchor path's hash chain.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Path parameters

Name | Type | Required | Description
bundle_id_evm_hex | string | Yes |

Responses

Status | Description
200 | Successful Response
422 | Validation Error

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/bundles/{bundle_id_evm_hex}' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

GET /api/v1/oris/audit/bundles/{bundle_id_evm_hex}/disclosure

Decrypt the sealed disclosure (regulator-only)

#6 v1: the API holds the offline-provisioned AGE identity (via lifespan singleton) and decrypts on the regulator's behalf behind the ``disclosure:read`` scope. NOTE: v1 returns the decrypted JSON. v2 should add a per-request itself anchored — deferred.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Path parameters

Name | Type | Required | Description
bundle_id_evm_hex | string | Yes |

Responses

Status | Description
200 | Successful Response
422 | Validation Error

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/bundles/{bundle_id_evm_hex}/disclosure' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"

GET /api/v1/oris/audit/sar-queue

SAR review queue (operator scope)

spans tenants under a single compliance team's review remit. The cross-tenant SELECT returns the full SAR-flagged slice. Operators see a clear server error rather than the silently-empty result that the old implementation produced.

Auth: Ed25519 request signing. Send Authorization, X-Request-Signature, X-Timestamp, and X-Nonce headers on every call. Nonce TTL is thirty seconds.

Query parameters

Name | Type | Required | Description
limit | integer | No |
offset | integer | No |

Responses

Status | Description
200 | Successful Response
422 | Validation Error

Example request

curl -X GET 'https://api.useoris.xyz/api/v1/oris/audit/sar-queue' \
  -H 'Authorization: oris_sk_live_***' \
  -H 'X-Request-Signature: ***' \
  -H "X-Timestamp: $(date +%s)" \
  -H "X-Nonce: $(uuidgen)"