Get approved/blocked audit logs

get

{protocol}://{host}:{port}/xray/api/v1/curation/audit/packages

Export approved/blocked audit events for packages.

When dry_run=false (default), outputs real audit events. Each event includes the non-dry-run policies that affected it (blocking, bypassed, waived). This is what the UI shows on the Blocked/Approved tab.

When dry_run=true, outputs dry-run events — one per dry-run policy. This is what the UI shows on the Dry Run tab.

When format=csv, the response is a ZIP file containing a CSV. Pagination counts audit events, not CSV rows — each event may produce multiple rows (one per policy).

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Query Params

order_by

string

Defaults to id

Column to sort by. Default: id.

direction

string

enum

Defaults to desc

Sorting direction: asc or desc.

Allowed:

num_of_rows

integer

1 to 2000

Defaults to 100

Maximum number of rows. Valid range: 1–2000 (JSON) or up to 500 000 (CSV).

offset

integer

Defaults to 0

Pagination offset.

created_at_start

date-time

Start of the time range (RFC 3339). Defaults to 7 days ago.

created_at_end

date-time

End of the time range (RFC 3339). Defaults to now.

include_total

boolean

Defaults to false

Include total_count in the response metadata. Not allowed when format=csv.

dry_run

boolean

Defaults to false

When false, returns real (non-dry-run) audit events. When true, returns dry-run events.

format

string

enum

Defaults to json

Response format. json returns JSON; csv returns a ZIP file containing a CSV.

Allowed:

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

200OK. When format=json, returns JSON. When format=csv, returns a ZIP archive (application/zip).

400Bad request — validation error or invalid parameters.

404Resource not found.