> ## Documentation Index
> Fetch the complete documentation index at: https://docs.arcuserp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get a single audit log entry by ID

> Returns the full detail of a single audit log entry by ID. Each entry includes the actor
(user ID or API key ID), timestamp, resource type, resource ID, action performed, and a
structured `changes` object showing before and after values for every modified field.
Requires `audit:read` scope.




## OpenAPI

````yaml /openapi.yaml get /audit_log_entries/{id}
openapi: 3.1.0
info:
  title: Arcus ERP Public API
  version: 1.0.0
  description: >
    Arcus ERP public REST API. Designed for external integrations and data
    migration.


    **Authentication.** Bearer token (API key) via the `Authorization` header.

    Format: `Authorization: Bearer ark_live_ent_<code>_<random>` (or
    `ark_test_*` for sandbox).

    API keys are issued per-entity in **Settings > Developers > API Keys**.


    **Entity scoping.** The entity is encoded in the API key prefix; routes are
    flat

    (e.g. `/v1/accounts`, `/v1/orders`, `/v1/products`). A small set of platform
    endpoints

    (migration, reconciliation, events, webhook endpoints, API keys) use the

    `/v1/entities/{entity_id}/...` form -- those are noted in their tags.


    **Key capabilities.**
      - Related-resource hydration via `?expand[]=` (see `x-arcus-expand` on each resource).
      - Cursor-based pagination (`starting_after` / `ending_before` / `limit`).
      - Idempotency via the `Idempotency-Key` header.
      - Webhook events for asynchronous notification.
      - Conditional requests / ETag for cache validation.
servers:
  - url: https://api.arcuserp.com/v1
    description: Arcus ERP API (accepts both live `ark_live_*` and test `ark_test_*` keys)
  - url: https://dev-api.arcuserp.com/v1
    description: >-
      Dev sandbox API (test-only data, accepts `ark_test_*` keys against dev
      RDS)
security: []
paths:
  /audit_log_entries/{id}:
    get:
      tags:
        - AuditLog
      summary: Get a single audit log entry by ID
      description: >
        Returns the full detail of a single audit log entry by ID. Each entry
        includes the actor

        (user ID or API key ID), timestamp, resource type, resource ID, action
        performed, and a

        structured `changes` object showing before and after values for every
        modified field.

        Requires `audit:read` scope.
      operationId: getAuditLogEntry
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
            format: uuid
        - name: expand
          in: query
          required: false
          schema:
            type: array
            items:
              type: string
              enum:
                - actor
                - resource
                - diff
                - chain
          explode: true
          description: |
            actor: resolve actor name/email from users table.
            resource: join full resource row (product, order, account, etc.).
            diff: include before_state, after_state, diff JSONB.
            chain: include prev_hash, entry_hash, archived_at.
      responses:
        '200':
          description: Single audit log entry
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditLogEntry'
        '401':
          $ref: '#/components/responses/Error'
        '403':
          $ref: '#/components/responses/Error'
        '404':
          $ref: '#/components/responses/Error'
      security:
        - ApiKeyAuth: []
components:
  schemas:
    AuditLogEntry:
      type: object
      description: >
        A single audit log entry from activity_log. Audit log entries are
        created

        automatically by canonical handlers via logActivity() and are immutable.

        The public API exposes read-only access only (Rule 20, append-only
        design).

        Chain integrity fields (prev_hash, entry_hash) are included when

        expand[]=chain is requested.
      properties:
        id:
          type: string
          format: uuid
        object:
          type: string
          enum:
            - audit_log_entry
        entity_id:
          type: string
          format: uuid
        actor:
          type: object
          description: Actor who performed the action. Resolved from metadata.actor JSONB.
          properties:
            type:
              type: string
              enum:
                - user
                - api_key
                - system
                - webhook
            id:
              type: string
              nullable: true
            label:
              type: string
              nullable: true
            name:
              type: string
              nullable: true
              description: Present when expand[]=actor.
            email:
              type: string
              nullable: true
              description: Present when expand[]=actor.
            on_behalf_of_user_id:
              type: string
              nullable: true
        action:
          type: string
          description: Dot-namespaced action slug, e.g. order.created.
        resource:
          type: object
          properties:
            type:
              type: string
            id:
              type: string
              format: uuid
              nullable: true
            label:
              type: string
              nullable: true
        description:
          type: string
          nullable: true
        metadata:
          type: object
          nullable: true
          description: >-
            Arbitrary JSONB payload. Internal keys (_actor, _api_key_id, etc.)
            prefixed with underscore.
        ip_address:
          type: string
          nullable: true
        user_agent:
          type: string
          nullable: true
        session_id:
          type: string
          nullable: true
        request_id:
          type: string
          nullable: true
        severity:
          type: string
          enum:
            - info
            - warning
            - critical
            - security
          nullable: true
        outcome:
          type: string
          enum:
            - success
            - failure
          nullable: true
        error_code:
          type: string
          nullable: true
        before_state:
          nullable: true
          description: State before the action. Present when expand[]=diff.
        after_state:
          nullable: true
          description: State after the action. Present when expand[]=diff.
        diff:
          nullable: true
          description: Computed diff of before/after state. Present when expand[]=diff.
        _chain:
          type: object
          nullable: true
          description: Cryptographic chain fields. Present when expand[]=chain.
          properties:
            prev_hash:
              type: string
              nullable: true
            entry_hash:
              type: string
              nullable: true
            archived_at:
              type: string
              format: date-time
              nullable: true
        created_at:
          type: string
          format: date-time
    ErrorEnvelope:
      type: object
      description: |
        Canonical error response envelope. All API errors use this shape.
      required:
        - error
        - code
      properties:
        error:
          type: string
          description: Machine-readable error key
          example: not_found
        code:
          type: string
          description: Machine-readable error code (often same as error)
          example: not_found
        type:
          type: string
          enum:
            - validation_error
            - permission_error
            - not_found
            - conflict
            - rate_limit
            - internal
            - expand_error
            - not_implemented
          example: not_found
        hint:
          type: string
          description: Human-readable one-sentence explanation (English)
          example: >-
            The requested order does not exist or does not belong to this
            entity.
        param:
          type: string
          description: The parameter that caused the error, if applicable
          example: expand[0]
        required:
          type: string
          description: The scope required (only on insufficient_scope errors)
          example: accounts:read
        request_id:
          type: string
          description: >-
            Unique request ID for support tracing (maps to CloudWatch log
            stream)
          example: req_abc123
  responses:
    Error:
      description: Error response (400/401/403/404/409/422/429/500)
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorEnvelope'
  securitySchemes:
    ApiKeyAuth:
      type: http
      scheme: bearer
      description: |
        API key issued per entity via Settings > Developers > API Keys.
        Each key carries scopes (e.g. orders:read, products:write).
        Bearer token format: Authorization: Bearer ark_live_ent_<code>_<random>
        Test keys use ark_test_ent_<code>_<random>. Both are issued per entity
        via Settings > Developers > API Keys.

````