> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List activity events for a specific resource

> Convenience endpoint equivalent to
GET /v1/activity?resource_type=<type>&resource_id=<id>.
Returns activity events scoped to a specific resource within the entity.
Supports the same pagination and filter parameters as GET /v1/activity.
resource_id must be a valid UUID.




## OpenAPI

````yaml /openapi.yaml get /resources/{type}/{id}/activity
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /resources/{type}/{id}/activity:
    get:
      tags:
        - Activity
      summary: List activity events for a specific resource
      description: |
        Convenience endpoint equivalent to
        GET /v1/activity?resource_type=<type>&resource_id=<id>.
        Returns activity events scoped to a specific resource within the entity.
        Supports the same pagination and filter parameters as GET /v1/activity.
        resource_id must be a valid UUID.
      operationId: listResourceActivity
      parameters:
        - in: path
          name: type
          required: true
          schema:
            type: string
          description: Resource type (e.g. account, product, order, journal_entry).
        - in: path
          name: id
          required: true
          schema:
            type: string
            format: uuid
          description: Resource UUID.
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 20
        - in: query
          name: starting_after
          schema:
            type: string
          description: Cursor for pagination.
        - in: query
          name: actor_type
          schema:
            type: string
            enum:
              - user
              - api_key
              - system
        - in: query
          name: actor_id
          schema:
            type: string
      responses:
        '200':
          description: Paginated list of activity events for the resource.
          content:
            application/json:
              schema:
                type: object
                properties:
                  object:
                    type: string
                    enum:
                      - list
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/ActivityEvent'
                  has_more:
                    type: boolean
                  next_cursor:
                    type: string
                    nullable: true
                  url:
                    type: string
        '400':
          $ref: '#/components/responses/Error'
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    ActivityEvent:
      type: object
      description: |
        A single activity log event (R11 envelope). Activity events are created
        automatically by canonical handlers via logActivity(). The public id
        uses the format act_<hex32> (UUID without dashes, prefixed with 'act_').

        Internal-only fields stripped from this envelope: prev_hash, entry_hash
        (audit chain integrity), archived_at, archive_uri (S3 archive pointer).
        These fields are admin-only and not exposed via the public API.
      required:
        - id
        - object
        - entity_id
        - created_at
        - actor
        - action
        - resource_type
      properties:
        id:
          type: string
          description: Public activity id in format act_<hex32>.
          example: act_550e8400e29b41d4a716446655440000
        object:
          type: string
          enum:
            - activity_event
        entity_id:
          type: string
          format: uuid
          description: Entity this event belongs to (Layer 1 scoping).
        created_at:
          type: string
          format: date-time
          description: Timestamp when the event was created (immutable; point-in-time).
        actor:
          $ref: '#/components/schemas/ActivityActor'
        action:
          type: string
          description: >
            Action string from the canonical ACTION_VALUES vocabulary

            (utils/activity-actions.mjs). Examples: account.created,
            product.updated,

            order.fulfilled, journal_entry.posted.
          example: account.created
        resource_type:
          type: string
          description: >-
            Type of the resource this event concerns (e.g. account, product,
            order).
          example: account
        resource_id:
          type: string
          format: uuid
          nullable: true
          description: >-
            UUID of the resource this event concerns (null for entity-level
            events).
        resource_label:
          type: string
          nullable: true
          description: >-
            Human-readable label of the resource at time of event (denormalized
            snapshot).
        description:
          type: string
          nullable: true
          description: Human-readable description of what happened.
        severity:
          type: string
          enum:
            - info
            - notice
            - warning
            - critical
          description: Severity level of the event.
          example: info
        outcome:
          type: string
          enum:
            - success
            - failure
            - denied
          description: Outcome of the action.
          example: success
        error_code:
          type: string
          nullable: true
          description: Error code if outcome=failure (null for success).
        request_id:
          type: string
          nullable: true
          description: HTTP request_id for tracing (maps to CloudWatch log stream).
        metadata:
          type: object
          description: |
            Additional structured metadata for this event. The internal _actor
            block is stripped and surfaced as the top-level actor field.
        diff:
          $ref: '#/components/schemas/ActivityDiff'
    ActivityActor:
      type: object
      description: >
        The actor who performed the action. actor.label is a point-in-time
        snapshot

        (denormalized at insert time; the live user may have been renamed
        since).
      properties:
        type:
          type: string
          enum:
            - user
            - api_key
            - system
          description: >-
            Actor type. user=Cognito JWT caller; api_key=public API key;
            system=cron/scheduler.
        id:
          type: string
          nullable: true
          description: >-
            Actor id (Cognito user_id for user; entity_api_keys.id for api_key;
            null for system).
        label:
          type: string
          nullable: true
          description: >-
            Human-readable label at time of action (e.g. 'Jane Smith' or 'API:
            Migration Key').
        on_behalf_of:
          nullable: true
          description: >
            When actor.type=api_key, the human user who created/owns the key
            (on_behalf_of.type='user').

            Null for user and system actors.
          properties:
            type:
              type: string
              enum:
                - user
            id:
              type: string
              nullable: true
              description: on_behalf_of user_id.
            label:
              type: string
              nullable: true
              description: on_behalf_of display_name.
    ActivityDiff:
      type: object
      description: State snapshot diff for the activity event.
      properties:
        before:
          nullable: true
          description: State before the action (null if not captured or not applicable).
        after:
          nullable: true
          description: State after the action (null if not captured or not applicable).
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````