Use Case
An immutable record of every provenance operation.
Append-only, tenant-scoped, exportable audit log.
The Verbitas audit log records every sign, verify, lookup, and recipe event in an append-only Postgres table (rows cannot be deleted or updated after write). Events are archived to Hetzner Object Storage (EU region) and exportable as CSV or JSON from the admin console or via the API.
How it works
- 01 Every API operation writes an audit event with tenant ID, operation type, timestamp, and asset ID
- 02 Audit rows are written by a Postgres trigger — they cannot be modified or deleted
- 03 Events are continuously archived to S3-compatible object storage (EU region)
- 04 GET /v1/audit returns tenant-scoped events in NDJSON format
- 05 Enterprise customers can configure continuous SIEM export via webhook
Technical notes
The audit log is available on Growth, Compliance/Newsroom, Enterprise SaaS, and Enterprise BYOK plans. Developer plan does not include audit log access. The append-only guarantee is enforced at the database level by a Postgres trigger that rejects UPDATE and DELETE on the audit table.
Limitations
The audit log records operations performed via the Verbitas API. Operations performed via third-party C2PA tools that do not use Verbitas will not appear in the audit log. Audit log retention defaults to 90 days after account cancellation; configurable on enterprise plans.