Receipts API
Endpoints for listing, fetching, and verifying receipts. Receipts are append-only signed audit records — see Receipts concept for details.
List receipts
GET /v1/receipts
Returns a paginated list of receipts for the authenticated organization.
Query parameters
| Parameter | Type | Description |
|---|---|---|
| decision | string | Filter by decision: allow, deny, pending_approval, error |
| risk_level | string | Filter by risk: low, medium, high |
| agent_id | string | Filter by agent ID |
| from | string | Start of time range (ISO 8601) |
| to | string | End of time range (ISO 8601) |
| search | string | Search across action, resource, and receipt ID |
Example request
curl -X GET "https://your-relynt-instance/v1/receipts?decision=allow&agent_id=agent_abc123" \
  -H "Authorization: Bearer <token>"
Example response
{
  "receipts": [
    {
      "receipt_id": "rec_abc123",
      "created_at": "2025-01-15T10:30:00Z",
      "agent_id": "agent_abc123",
      "instance_id": "run-001",
      "action": "update_deal",
      "resource": "crm:deal:42",
      "decision": "allow",
      "risk_level": "low",
      "policy_version": "v3"
    }
  ]
}
Get receipt
GET /v1/receipts/:id
Returns the full receipt object including hashes and signature.
Path parameters
| Parameter | Description |
|---|---|
| id | The receipt ID (e.g., rec_abc123) |
Example request
curl -X GET "https://your-relynt-instance/v1/receipts/rec_abc123" \
  -H "Authorization: Bearer <token>"
Example response
{
  "receipt_id": "rec_abc123",
  "created_at": "2025-01-15T10:30:00Z",
  "organization_id": "org_xyz",
  "agent_id": "agent_abc123",
  "instance_id": "run-001",
  "action": "update_deal",
  "resource": "crm:deal:42",
  "policy_version": "v3",
  "decision": "allow",
  "risk_level": "low",
  "request_hash": "sha256:a1b2c3d4...",
  "response_hash": "sha256:e5f6g7h8...",
  "signature": "hmac-sha256:i9j0k1l2...",
  "idempotency_key": "550e8400-e29b-41d4-a716-446655440000"
}
Verify receipt
GET /v1/receipts/:id/verify
Verifies the integrity of a receipt by recomputing its HMAC-SHA256 signature and comparing it to the stored value.
Path parameters
| Parameter | Description |
|---|---|
| id | The receipt ID to verify |
Example request
curl -X GET "https://your-relynt-instance/v1/receipts/rec_abc123/verify" \
  -H "Authorization: Bearer <token>"
Response
{
  "valid": true
}
| Field | Type | Description |
|---|---|---|
| valid | boolean | true if the receipt signature matches, false if tampered |
Verification recomputes the HMAC-SHA256 signature server-side using the signing key. A valid: true response confirms the receipt has not been modified since creation.
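The recompute-and-compare check described above, sketched as an added example (not Relynt's own code). The canonical form (every field except signature, as sorted-key compact JSON), the demo key, and the helper names are assumptions; this page does not specify which fields the signature covers.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); the real signing key stays server-side.
DEMO_KEY = b"constructed-demo-signing-key"
PREFIX = "hmac-sha256:"  # signature prefix as shown in the example response


def canonical_bytes(receipt: dict) -> bytes:
    """Assumed canonical form: all fields except 'signature', sorted keys, compact JSON."""
    body = {k: v for k, v in receipt.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_receipt(receipt: dict, key: bytes) -> str:
    digest = hmac.new(key, canonical_bytes(receipt), hashlib.sha256).hexdigest()
    return PREFIX + digest


def verify_receipt(receipt: dict, key: bytes) -> bool:
    """Recompute the HMAC and compare it to the stored value in constant time."""
    stored = receipt.get("signature")
    if not isinstance(stored, str) or not stored.startswith(PREFIX):
        return False  # missing or unrecognised signature scheme: fail closed
    expected = sign_receipt(receipt, key)
    return hmac.compare_digest(expected.encode(), stored.encode())


def demo() -> dict:
    # Constructed receipt using field names from this page.
    receipt = {
        "receipt_id": "rec_abc123",
        "created_at": "2025-01-15T10:30:00Z",
        "agent_id": "agent_abc123",
        "action": "update_deal",
        "resource": "crm:deal:42",
        "decision": "deny",
        "risk_level": "high",
    }
    receipt["signature"] = sign_receipt(receipt, DEMO_KEY)
    tampered = dict(receipt, decision="allow")  # stored record edited after signing
    unsigned = {k: v for k, v in receipt.items() if k != "signature"}
    return {
        "original": verify_receipt(receipt, DEMO_KEY),
        "tampered": verify_receipt(tampered, DEMO_KEY),
        "unsigned": verify_receipt(unsigned, DEMO_KEY),
        "wrong_key": verify_receipt(receipt, b"other-key"),
    }
```

Because the scheme is a keyed MAC, only a holder of the signing key can run this check, which is why verification is exposed as a server-side endpoint.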
Receipt fields reference
| Field | Type | Description |
|---|---|---|
| receipt_id | string | Unique identifier |
| created_at | string | ISO 8601 timestamp |
| organization_id | string | Owning organization |
| agent_id | string | Agent that made the request |
| instance_id | string | Agent run identifier |
| action | string | Operation string |
| resource | string | Target resource identifier |
| policy_version | string | Policy version evaluated |
| decision | string | allow, deny, pending_approval, or error |
| risk_level | string | low, medium, or high |
| request_hash | string | SHA-256 of canonical request body |
| response_hash | string | SHA-256 of connector response (when available) |
| signature | string | HMAC-SHA256 for tamper detection |
| approval_id | string | Links to approval record (when applicable) |
| idempotency_key | string | Client-provided idempotency key |
| approver | string | Identity of approver (when applicable) |