Go AuditAPI Reference
API Audit API
Record and query outbound HTTP calls.
The API audit surface lives under auditor.API().
Auditor.API().Record(ctx, entry) → error
Writes an API call record to the audit_api_logs table. Applies
header and body redaction, JSON marshaling, and body truncation
according to APIAuditConfig. Returns nil (without persisting) when
APIAudit.Enabled == false.
_ = auditor.API().Record(ctx, audit.APIEntry{
Service: "bca",
Endpoint: "/v1/transfer",
Method: http.MethodPost,
StatusCode: 200,
RequestHeaders: map[string]string{
"Authorization": "Bearer " + token,
"Content-Type": "application/json",
},
RequestBody: reqBody,
ResponseBody: respBody,
DurationMs: 842,
})Auditor.API().Query(ctx, filter) → ([]AuditAPILog, error)
Returns API call records matching the filter, ordered by
id DESC (newest first).
audit.APIEntry
Go
type APIEntry struct {
Service string
Endpoint string
Method string
StatusCode int
RequestHeaders map[string]string
ResponseHeaders map[string]string
RequestBody any
ResponseBody any
DurationMs int
ErrorMessage string
Metadata map[string]any
TransactionID string
}Go snippet
| Field | Notes |
|---|---|
RequestHeaders | map[string]string. One value per header key. |
ResponseHeaders | map[string]string. Redacted using the same RedactHeaders list as RequestHeaders. |
RequestBody | any — anything JSON-encodable (struct, map, pointer, …). |
ResponseBody | any — same. |
TransactionID | Overrides context transaction ID when set. |
audit.APIFilter
Go
type APIFilter struct {
Service string
StatusCode int
UserID string
TransactionID string
DateFrom time.Time
DateTo time.Time
Limit int
Offset int
}Go snippet
Method and endpoint are intentionally not filter fields — use
Service plus a date range or transaction ID to narrow results.
audit.AuditAPILog
Go
type AuditAPILog struct {
ID uint64 `json:"id"`
Service string `json:"service"`
Endpoint string `json:"endpoint"`
Method string `json:"method"`
StatusCode int `json:"status_code"`
RequestHeaders json.RawMessage `json:"request_headers,omitempty"`
ResponseHeaders json.RawMessage `json:"response_headers,omitempty"`
RequestBody json.RawMessage `json:"request_body,omitempty"`
ResponseBody json.RawMessage `json:"response_body,omitempty"`
DurationMs int `json:"duration_ms"`
ErrorMessage string `json:"error_message,omitempty"`
UserID string `json:"user_id,omitempty"`
Metadata json.RawMessage `json:"metadata,omitempty"`
TransactionID string `json:"transaction_id,omitempty"`
CreatedAt time.Time `json:"created_at"`
}Go snippet
RequestHeaders, ResponseHeaders, RequestBody, ResponseBody,
and Metadata are json.RawMessage — decode them at read time.