Media Governance Audit Export API
The Media Governance Audit Export API exports audit records for requests that included media-governance analysis. Use it when security, privacy, or compliance teams need a bounded evidence package for multimodal AI workflows.
This endpoint is served by the Orchestrator and is commonly reached through the Agent proxy in deployments that expose orchestrator APIs through the Agent.
Endpoint
GET /api/v1/media-governance/audit/export
Authentication And Tier Gate
The handler requires:
- a paid self-hosted tier: Professional, Enterprise, or Plus
X-Tenant-IDon the request
If the deployment tier is not paid, the endpoint returns:
{
"error": {
"code": "ENTERPRISE_REQUIRED",
"message": "Media governance audit export requires Enterprise license"
}
}
The error message uses the existing Enterprise wording, but the code gate is IsPaidTier, which currently means Professional, Enterprise, or Plus. SaaS Plugin tiers such as Pro and Premium are a separate product line and are not included in this gate.
Query Parameters
| Parameter | Default | Description |
|---|---|---|
format | json | Output format. Supported values: json, csv. |
from | 7 days before request time | Start timestamp, RFC3339. |
to | request time | End timestamp, RFC3339. |
Invalid formats return 400 INVALID_FORMAT. Invalid timestamps return 400 INVALID_FROM or 400 INVALID_TO.
JSON Response
For format=json or omitted format, the response shape is:
{
"records": [
{
"request_id": "req_123",
"tenant_id": "tenant_abc",
"timestamp": "2026-06-30T12:00:00Z",
"media_type": "image",
"analysis_results": {
"has_pii": true,
"pii_types": ["email"]
},
"policy_actions": ["block"],
"blocked": true
}
],
"tenant_id": "tenant_abc",
"from": "2026-06-23T12:00:00Z",
"to": "2026-06-30T12:00:00Z",
"count": 1
}
The query reads from audit_logs rows whose policy_details include media_type, ordered by newest first, with a maximum of 10,000 records.
CSV Response
For format=csv, the response uses:
Content-Type: text/csvContent-Disposition: attachment; filename=media-audit-{tenant_id}-{YYYYMMDD}.csv
CSV columns:
| Column | Description |
|---|---|
request_id | Governed request identifier |
tenant_id | Tenant from X-Tenant-ID |
timestamp | RFC3339 timestamp |
media_type | Media type stored in policy_details, defaulting to image when absent |
blocked | Boolean blocked status |
policy_actions | JSON-encoded list of policy actions |
The CSV export intentionally omits the nested analysis_results object so spreadsheet consumers get a stable flat schema.
Example
curl "http://localhost:8080/api/v1/media-governance/audit/export?format=csv&from=2026-06-01T00:00:00Z&to=2026-06-30T23:59:59Z" \
-H "Authorization: Basic $(echo -n 'your-client-id:your-client-secret' | base64)" \
-H "X-Tenant-ID: tenant_abc" \
-o media-audit.csv
Error Responses
| HTTP Status | Code | Description |
|---|---|---|
| 400 | MISSING_TENANT_ID | X-Tenant-ID header is missing |
| 400 | INVALID_FORMAT | format is not json or csv |
| 400 | INVALID_FROM | from is not RFC3339 |
| 400 | INVALID_TO | to is not RFC3339 |
| 403 | ENTERPRISE_REQUIRED | Deployment tier does not satisfy the paid-tier gate |
| 500 | QUERY_ERROR | Audit query failed |
