Documentation menu
Tenant reporting API
Read search and API key access reports within tenant boundaries.
Reporting endpoints use a tenant admin JWT instead of a server-to-server API key and return audit records only for the authenticated institution.
Search logs
The list endpoint supports date, success, match, actor and source filters. Large responseSnapshot objects are excluded from list rows and returned only by the detail endpoint.
API key logs
API key access records report successful and failed requests, a safe key snapshot, path, method and duration. Plain keys and key hashes are excluded from the public response model.
Tenant isolation
Every query is scoped by institutionId. One tenant cannot list or inspect another tenant’s records.
Retention and minimization
When exporting reports, restrict access and retention according to your institutional policy. Response snapshots may contain personal data.
Decision boundary
An API result is a candidate match. A final sanctions or compliance decision requires official-source verification and human review.