/v1/ prefix when running plog serve.
Base URL
Authentication
When the server is started with--api-keys, all endpoints require a Bearer token:
Endpoints
Ingest
| Method | Path | Description |
|---|---|---|
POST | /v1/events | Ingest a single event |
POST | /v1/batch | Ingest multiple events (207 on partial failure) |
Query
| Method | Path | Description |
|---|---|---|
GET | /v1/events | List events with filters |
GET | /v1/events/:id | Get a single event by ID |
GET | /v1/search | Full-text search |
GET | /v1/agents | List agents with event counts |
GET | /v1/stats | Aggregate statistics |
Integrity
| Method | Path | Description |
|---|---|---|
GET | /v1/verify | Verify hash chain |
GET | /v1/merkle/root | Compute Merkle root |
GET | /v1/export | Export verifiable package |
Timestamping
| Method | Path | Description |
|---|---|---|
POST | /v1/timestamp | Request RFC 3161 timestamp |
GET | /v1/timestamps | List stored timestamps |
GET | /v1/timestamps/verify | Verify latest timestamp |
Policy
| Method | Path | Description |
|---|---|---|
POST | /v1/policy/check | Run policy checks against the audit trail |
Real-time
| Method | Path | Description |
|---|---|---|
GET | /v1/stream | WebSocket live event stream |
Other
| Method | Path | Description |
|---|---|---|
GET | /v1/dashboard/config | Dashboard feature configuration |
POST | /v1/traces | OTLP trace receiver (when --otlp is enabled) |
Error handling
The API uses standard HTTP status codes:| Status | Description |
|---|---|
200 | Success |
201 | Created (single event or full batch success) |
207 | Multi-status (batch endpoint — partial failure) |
400 | Bad request (validation error) |
401 | Unauthorized (missing or invalid API key) |
404 | Not found |
500 | Internal server error |