Go Audit (go-audit)
API Reference

API Audit API

Record and query outbound HTTP calls.

The API audit surface lives under auditor.API().

Auditor.API().Record(ctx, entry) → error

Writes an API call record to the audit_api_logs table. Applies header and body redaction, JSON marshaling, and body truncation according to APIAuditConfig. Returns nil (without persisting) when APIAudit.Enabled == false.

_ = auditor.API().Record(ctx, audit.APIEntry{
    Service:    "bca",
    Endpoint:   "/v1/transfer",
    Method:     http.MethodPost,
    StatusCode: 200,
    RequestHeaders: map[string]string{
        "Authorization": "Bearer " + token,
        "Content-Type":  "application/json",
    },
    RequestBody:  reqBody,
    ResponseBody: respBody,
    DurationMs:   842,
})

Auditor.API().Query(ctx, filter) → ([]AuditAPILog, error)

Returns API call records matching the filter, ordered by created_at DESC.

audit.APIEntry

type APIEntry struct {
    Service        string
    Endpoint       string
    Method         string
    StatusCode     int
    RequestHeaders map[string]string
    RequestBody    any
    ResponseBody   any
    DurationMs     int
    ErrorMessage   string
    Metadata       map[string]any
    TransactionID  string
}

| Field | Notes |
| --- | --- |
| RequestHeaders | map[string]string. One value per header key. |
| RequestBody | any. Anything JSON-encodable. |
| ResponseBody | any. Same as RequestBody. |
| TransactionID | Overrides context transaction ID when set. |

audit.APIFilter

type APIFilter struct {
    Service       string
    StatusCode    int
    UserID        string
    TransactionID string
    DateFrom      time.Time
    DateTo        time.Time
    Limit         int
    Offset        int
}

Method and endpoint are intentionally not filter fields — use Service plus a date range or transaction ID to narrow results.

audit.AuditAPILog

type AuditAPILog struct {
    ID             uint64          `json:"id"`
    Service        string          `json:"service"`
    Endpoint       string          `json:"endpoint"`
    Method         string          `json:"method"`
    StatusCode     int             `json:"status_code"`
    RequestHeaders json.RawMessage `json:"request_headers,omitempty"`
    RequestBody    json.RawMessage `json:"request_body,omitempty"`
    ResponseBody   json.RawMessage `json:"response_body,omitempty"`
    DurationMs     int             `json:"duration_ms"`
    ErrorMessage   string          `json:"error_message,omitempty"`
    UserID         string          `json:"user_id,omitempty"`
    Metadata       json.RawMessage `json:"metadata,omitempty"`
    TransactionID  string          `json:"transaction_id,omitempty"`
    CreatedAt      time.Time       `json:"created_at"`
}

RequestHeaders, RequestBody, ResponseBody, and Metadata are json.RawMessage — decode them at read time.
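
An added example (not part of the go-audit documentation or code base): decoding RequestHeaders at read time and flagging rows whose stored header values still look like a usable credential, as a check that the redaction described for Record was in effect. The trimmed AuditAPILog copy, the liveCredential heuristic, the name UnredactedHeaders, the "[REDACTED]" marker and the sample rows are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"sort"
)

// AuditAPILog copies only the two audit.AuditAPILog fields this check reads (no library import).
type AuditAPILog struct {
	ID             uint64          `json:"id"`
	RequestHeaders json.RawMessage `json:"request_headers,omitempty"`
}

// liveCredential is an assumed heuristic: an auth scheme followed by 16+ token characters.
var liveCredential = regexp.MustCompile(`(?i)^(bearer|basic)\s+[A-Za-z0-9._~+/=-]{16,}$`)

// UnredactedHeaders decodes the raw headers column and returns, sorted, the
// header names whose stored value still looks like a usable credential.
func UnredactedHeaders(l AuditAPILog) ([]string, error) {
	var h map[string]string
	if len(l.RequestHeaders) > 0 { // an absent column means no headers, not an error
		if err := json.Unmarshal(l.RequestHeaders, &h); err != nil {
			return nil, fmt.Errorf("log %d request_headers: %w", l.ID, err)
		}
	}
	var leaked []string
	for name, v := range h {
		if liveCredential.MatchString(v) {
			leaked = append(leaked, name)
		}
	}
	sort.Strings(leaked)
	return leaked, nil
}

func main() {
	// Constructed rows standing in for Query results; marker and token are made up.
	rows := []AuditAPILog{
		{ID: 1, RequestHeaders: json.RawMessage(`{"Authorization":"[REDACTED]"}`)},
		{ID: 2, RequestHeaders: json.RawMessage(`{"Authorization":"Bearer CONSTRUCTED-TOKEN-0123456789"}`)},
		{ID: 3},
	}
	for _, r := range rows {
		leaked, err := UnredactedHeaders(r)
		fmt.Println(r.ID, leaked, err)
	}
}
```

A row that fails to decode is returned as an error rather than treated as clean, so a malformed column cannot hide a leaked value.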
