Skip to main content
Invoice Audit Trail API
curl --request GET \
  --url https://api.pazy.io/v1.0/invoice/:id/audit-trail

Authentication

All requests require an API key in the request headers. Headers: 
Authorization: Api-Key YOUR_API_KEY

Request

Content-Type: application/json

Path Parameters

ParameterTypeRequiredDescription
idstringYesThe unique identifier of the invoice to retrieve

Code Examples

curl -X GET https://api.pazy.io/v1.0/invoice/invoice_identifier/audit-trail \
  -H "Authorization: Api-Key YOUR_API_KEY"

Success Response

HTTP Status: 200 OK Response Fields:
FieldTypeDescription
okbooleanIndicates whether the request was successful
dataobjectContains the invoice audit trail response data
data.auditTrailarrayList of audit trail associated with the invoice
data.auditTrail[].dateCreatedstringThe date when the audit trail entry was created (ISO 8601 format)
data.auditTrail[].actionTypestringThe type of the audit. It is one of five values: TRANSITION, REPAIR, DRAFTED, SYNCED, EDIT, PAYMENT, ATTACHMENT, OVERRIDES, MIGRATED, REFUND, ACKNOWLEDGEMENT, PAYMENT_SYNCED, FLAG_RESOLVED
data.auditTrail[].userobjectInformation about the user who made the comment
data.auditTrail[].user.idstringUnique identifier for the user
data.auditTrail[].user.namestringName of the user
data.auditTrail[].detailsobjectDetails about the audit trail entry
data.auditTrail[].details.changeobjectGive the state of old and new state
data.auditTrail[].details.change.oldobjectGive the old state
data.auditTrail[].details.change.newobjectGive the new state
data.auditTrail[].details.actionBystringGive who performed the action: USER, PLATFORM
data.contextobjectAdditional context for the audit trail
data.context.countnumberThe total number of audit trail

Response Example

{
  "ok": true,
  "data": {
    "auditTrail": [
      {
        "dateCreated": "2026-03-17T06:18:54.434Z",
        "actionType": "TRANSITION",
        "user": {
          "id": "usFfXfehUdN12s6n",
          "name": "John Doe"
        },
        "details": {
          "change": {
            "new": "PENDING",
            "old": "DRAFTED"
          },
          "actionBy": "USER"
        }
      }
    ],
    "context": {
      "count": 1
    }
  }
}

Error Responses

Missing Invoice ID

HTTP Status: 400 Bad Request 
{
  "ok": false,
  "error": {
    "code": "MISSING_REQUIRED_FIELD",
    "message": "Invoice ID is required"
  }
}

Invoice Not Found

HTTP Status: 404 Not Found 
{
  "ok": false,
  "error": {
    "code": "INVOICE_NOT_FOUND",
    "message": "Invoice not found"
  }
}

Access Denied

HTTP Status: 403 Forbidden 
{
  "ok": false,
  "error": {
    "code": "ACCESS_DENIED",
    "message": "Access denied: You can only view your own invoices or invoices where you are the vendor owner"
  }
}

Authentication Errors

HTTP Status: 401 Unauthorized 
{
  "ok": false,
  "error": {
    "code": "MISSING_CREDENTIALS",
    "message": "Missing Credentials"
  }
}

{
  "ok": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid API Key"
  }
}

Permission Errors

HTTP Status: 403 Forbidden 
{
  "ok": false,
  "error": {
    "code": "INSUFFICIENT_PERMISSIONS",
    "message": "Permission check failed - PERMISSION_CHECK_FAILED"
  }
}

Best Practices

Access Control

  • Only invoices you created or where you are the vendor owner are accessible (unless you have admin or auditor role)
  • Use the invoice id returned from the invoice creation endpoint to retrieve audit trail