Skip to main content
Every signing request in Firma has a complete audit trail. Every document view, field interaction, signature, decline, and admin action is recorded with timestamps, actor identity, and IP addresses. Common use cases:
  • Compliance and legal evidence — prove who signed what, when, and from where
  • Debugging signer issues — see exactly what a recipient did during their signing session
  • Internal reporting — track admin actions like creation, edits, and cancellations
The audit trail captures two categories of events:
  • Signer events — document views, field interactions, signing, declining, certificate downloads
  • Admin events — creation, edits, sending, cancellation, resending (via dashboard or API)
Each event includes a timestamp, a human-readable description, actor identity, and (for signer events) the signer’s IP address.

Viewing the audit trail in the dashboard

Open any signing request in the Firma dashboard and click the Audit Trail tab. You’ll see a chronological timeline of all events, with signer actions and admin actions visually distinguished. Consecutive repetitive events (like scrolling or repeated field interactions) are automatically condensed with a count indicator.

Retrieving the audit trail via API

Use the audit endpoint to fetch the full event history for a signing request:

curl

Node.js

Python

Example response

Response fields

Understanding event sources

The source field tells you whether an event came from a signer or an admin, and the actor field has a different shape for each.

Signer events

Events with source: "signer" are actions taken by recipients during the signing flow. The actor object contains the signer’s name and email. The ip_address field is populated.

Admin events

Events with source: "admin" are actions taken via the dashboard or API. The actor object contains a type field ("api_key" or "user") and optionally a user_id. The ip_address field is null.

Real-time tracking via webhooks

If you need real-time notification of signer events rather than polling the audit endpoint, Firma supports webhooks. See the Webhooks guide for setup instructions.

Event reference

Document lifecycle

Signature and verification

Field interactions

Field interactions are tracked as field_interaction events. The details object contains the specific action and field metadata. The details object for field interactions includes:

Admin activity

Admin events use event: "activity" with a human-readable description field that describes the action taken (e.g., “Created signing request via API”, “Sent signing request”, “Cancelled signing request”).