Audit trail

Every configuration change in SOAP-2-REST by Specaria is captured as an audit event. The audit trail answers the governance question — who changed what, when, and what did it look like before and after — and it shares the same UI as the rest of observability, so operational and governance questions are answered in one place.

---

What is recorded

Each audit event records:

• Actor email — the identity that performed the action.
• Actor role — the application role (admin / operator / reader) in effect at the time.
• Action type — the operation performed.
• Before / after state — the prior and new values, where applicable, so a change is fully reconstructable.
• Correlation ID — to cross-reference the change against related activity.
• Result status — whether the action succeeded.

Sensitive values are never written to the audit trail in plaintext — backend credentials, for example, are recorded as a change to the credential metadata (set / last-updated), never the secret itself. See backend credential encryption.

---

Which actions are audited

Audit events are mandatory for every mutating control-plane action, including:

• Service CRUD — create, update, soft-delete, hard-delete.
• Version activation / rollback — every publish and every rollback.
• Mapping changes — manual mapping edits, regeneration, and override changes.
• Backend profile changes — endpoint, auth mode, timeout/retry, and credential updates.
• Role-binding changes — IdP-group → role bindings and direct in-app principal assignments.
• Settings changes — every mutable setting (timeouts, retries, retention, debug toggles, SMTP alert delivery configuration).

If a change can affect how traffic is converted or who can administer the platform, it is audited.

---

Querying the audit trail

GET /admin/v1/audit-events returns audit history, paged server-side. Filters:

• window — 15m / 1h / 24h / 7d / 30d / 60d, or a custom start/end range inside the retained window.
• page / pageSize.

The response carries items[] plus page, pageSize, totalItems, and totalPages. See the Admin API.

---

Retention

Audit events are retained for 60 days by default, and the window is configurable to your policy — the same retention model as the rest of the platform's telemetry. See Data retention.

---

Related pages

• Observability overview
• Logs & tracing
• RBAC & roles
• Admin API — settings & roles

---

All Specaria SOAP to REST docs