- Compliance and legal evidence — prove who signed what, when, and from where
- Debugging signer issues — see exactly what a recipient did during their signing session
- Internal reporting — track admin actions like creation, edits, and cancellations
- Signer events — document views, field interactions, signing, declining, certificate downloads
- Admin events — creation, edits, sending, cancellation, resending (via dashboard or API)
Viewing the audit trail in the dashboard
Open any signing request in the Firma dashboard and click the Audit Trail tab. You’ll see a chronological timeline of all events, with signer actions and admin actions visually distinguished. Consecutive repetitive events (like scrolling or repeated field interactions) are automatically condensed with a count indicator.Retrieving the audit trail via API
Use the audit endpoint to fetch the full event history for a signing request:curl
Node.js
Python
Example response
Response fields
Understanding event sources
Thesource field tells you whether an event came from a signer or an admin, and the actor field has a different shape for each.
Signer events
Events withsource: "signer" are actions taken by recipients during the signing flow. The actor object contains the signer’s name and email. The ip_address field is populated.
Admin events
Events withsource: "admin" are actions taken via the dashboard or API. The actor object contains a type field ("api_key" or "user") and optionally a user_id. The ip_address field is null.
Real-time tracking via webhooks
If you need real-time notification of signer events rather than polling the audit endpoint, Firma supports webhooks. See the Webhooks guide for setup instructions.Event reference
Document lifecycle
Signature and verification
Field interactions
Field interactions are tracked asfield_interaction events. The details object contains the specific action and field metadata.
The
details object for field interactions includes:
Navigation
Admin activity
Admin events useevent: "activity" with a human-readable description field that describes the action taken (e.g., “Created signing request via API”, “Sent signing request”, “Cancelled signing request”).