Get an audit record - UIP Documentation

GET https://api.uip.digital/v1/audits/{id} · Auth: Bearer API key

Returns the redacted audit record for one verified step: the cryptographic proof, trusted timestamp, and hash-chain position. The signer’s identity stays sealed — this endpoint never decrypts it (see Audits for the two disclosure tiers). Scoped to your business: a record belonging to another business — or one that doesn’t exist — returns 404. The audit id is {session_id}_{stage}. You receive it on the step.completed webhook and on every result in GET /v1/sessions/{id}.

Path parameters

string

required

The audit id, e.g. sess_abc123_0 (session id + _ + zero-based stage).

Response

string

The audit id.

session_id

string

The session this step belonged to.

stage

integer

Zero-based index of the step within the session.

primitive

string

identify · age_verify · sign · light_sign.

wallet

string

The wallet that fulfilled the step.

proof

object

The cleartext cryptographic proof — PII-free by construction. Shape depends on the primitive:

Show proof by primitive

claims_digest

string

identify — a hash commitment to the disclosed claims (the cleartext claims arrived by webhook; the ledger keeps only the digest).

satisfied

boolean

age_verify — the threshold result.

min_age

integer

age_verify — the threshold that was proven.

document_hash

string

sign/light_sign — the hash the wallet signed.

signature

string

sign/light_sign — the device signature.

terms

string

light_sign — the exact terms text attested to.

documents

object[]

sign — per-file { id, hash } manifest, so any one file stays provable after the bytes are deleted.

record_hash

string

This record’s content hash (sha256:…), the head of the chain link.

prev_hash

string

The previous stage’s record_hash (or the genesis value for stage 0) — the per-session hash chain.

ts_token

string

RFC 3161 trusted-timestamp token, when a timestamping authority is configured.

occurred_at

string

ISO 8601 time the step verified.

client_reference_id

string

Your durable correlation key, if you set one at create.

business_redacted

boolean

true when the underlying identity was sealed (e.g. age_verify) — a flag, never the PII.

{
  "id": "sess_abc123_0",
  "session_id": "sess_abc123",
  "stage": 0,
  "primitive": "age_verify",
  "wallet": "apple-wallet",
  "proof": { "satisfied": true, "min_age": 21 },
  "occurred_at": "2026-06-07T12:01:30.000000000Z",
  "client_reference_id": "order_4815",
  "prev_hash": "0x000",
  "record_hash": "sha256:9f86d081...",
  "ts_token": "MIIE...",
  "business_redacted": true
}

404 if the audit record doesn’t exist or isn’t owned by your business.

Need the full, decrypted record for a legal proceeding? That’s a separate, lawful channel — see Audits → Legal requests.

​Path parameters

​Response

Path parameters

Response