FruxonDocs
UsersAPI Access

Page through a token's lifecycle audit events.

Returns mint / rotate / revoke / used-while-revoked events newest-first, plus a `nextPageToken` the caller replays to fetch older events — the same cursor-pagination contract as `/activity`. This is the lifecycle history; per-request usage lives under `/activity`.

GET
/v1/tenants/{tenant}/tokens/{token}/auditEvents

Authorization

Bearer
AuthorizationBearer <token>

JWT Authorization header using the Bearer scheme. Enter 'Bearer' [space] and then your token.

In: header

Path Parameters

token*string

The token identifier.

tenant*string

The tenant identifier

Query Parameters

PageSize?integer

The maximum number of items to return per page

Formatint32
PageToken.Skip?integer
Formatint32
PageToken.Cursor?string

Opaque cursor token from an external system (e.g. RAG API). When set, M:Fruxon.Common.Collections.PageToken.AsString returns this value directly instead of encoding Fruxon.Common.Collections.PageToken.Skip.

Response Body

curl -X GET "https://api.fruxon.com/v1/tenants/string/tokens/string/auditEvents"
{
  "items": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "tokenId": "00000000-0000-0000-0000-000000000000",
      "keyPrefix": "string",
      "eventType": "MINTED",
      "createdAt": 0,
      "userId": "string",
      "actor": "string",
      "details": "string",
      "tenantId": "00000000-0000-0000-0000-000000000000"
    }
  ],
  "nextPageToken": "string",
  "totalCount": 0
}
Empty
Empty
{
  "type": "string",
  "title": "string",
  "status": 0,
  "detail": "string",
  "instance": "string",
  "property1": null,
  "property2": null
}

Page through request activity for an API key.

Returns a page of request events newest-first — one per authenticated HTTP call made with the key — plus a `nextPageToken` the caller replays to fetch older events. Each event carries the method, route, status code and latency, so the dashboard can answer "what endpoints is this key calling, how often, and are the calls succeeding?". Distinct from `/auditEvents`, which is the key's security lifecycle (mint / rotate / revoke). This is the usage stream and is high-volume, hence cursor pagination rather than a flat list.

Get the calling API key's own metadata — name, prefix, scopes, expiry, last-used.

Self-introspection. Returns 404 when the caller authenticated via federation/JWT (no API key in scope) and 401 when there's no authentication at all. Never returns the raw secret — only the displayable prefix. No `[RequireScope]`: a key must be able to read its own metadata regardless of what scopes it carries, otherwise narrow keys couldn't see what they can do.