Vijay Amalan for BoldSign

Posted on Feb 19 • Originally published at boldsign.com

How to Download an Audit Trail PDF Using the BoldSign API

#esignature #api #auditrial #boldsign

When documents are signed, you need proof, not just signatures. Audit trails provide tamper-evident evidence of who signed, when, and from where. In this guide, you’ll learn how to download audit trail PDFs programmatically using the BoldSign API.

Why would you use BoldSign audit trails

In BoldSign, an audit trail helps you:

Protect documents with a verified signing history
Confirm signer identities and time stamps
Reduce legal risk with tamper-evident evidence
Support legal compliance by storing accurate records
Improve transparency by capturing each signing event

When does audit trail management matter most

Audit trails are especially critical when:

Multiple departments handle contracts with vendors, clients, or employees
Legal teams require a verified signing history for disputes
Compliance audits demand proof of document integrity
Organizations must store tamper-evident audit trail records alongside signed documents

What you’ll need before calling the audit trail API

Make sure you have:

A BoldSign account (sandbox or production)
An API key (or OAuth2 access token) to call BoldSign APIs over HTTPS
A REST client such as curl, Postman, or your preferred HTTP library
The  documentId of the signed document
The onBehalfOf  email address if the document was sent on behalf of another person (Optional)

Authentication headers

Use one of the following:

API Key: X-API-KEY:
OAuth2: Authorization: Bearer

Which endpoint do you use to download audit trails

You use the same endpoint for both regular and on-behalf signature requests.

Task	Method + path	Required inputs	Output
Download audit trail (regular document)	GET /v1/document/downloadAuditLog	documentId	Audit trail PDF
Download audit trail (on-behalf document)	GET /v1/document/downloadAuditLog	documentId, onBehalfOf	Audit trail PDF

Step-by-step: How to download an audit trail for a regular document

Required query parameter:

documentId: The unique identifier of the signed document.

cURL

    curl -X GET 'https://api.boldsign.com/v1/document/downloadAuditLog?documentId={Your document Id}' \ 
         -H 'accept: application/pdf' \ 
         -H 'X-API-KEY: {your-api-key}'

    var apiClient = new ApiClient("https://api.boldsign.com", "Your API-KEY"); 
    var documentClient = new DocumentClient(apiClient); 
    var documentStream = documentClient.DownloadAuditLog("YOUR_DOCUMENT_ID");

Python

    import boldsign 

    configuration = boldsign.Configuration(api_key="YOUR_API_KEY") 

    with boldsign.ApiClient(configuration) as api_client: 

        document_api = boldsign.DocumentApi(api_client) 
    document_stream = document_api.download_audit_log(document_id="YOUR_DOCUMENT_ID")

PHP

    <?php require_once "vendor/autoload.php"; 
    use BoldSign\Configuration; 
    use BoldSign\Api\DocumentApi; 

    $config = new Configuration(); 
    $config->setApiKey('YOUR_API_KEY'); 

    $documentApi = new DocumentApi($config); 
    $document_stream = $documentApi->downloadAuditLog($document_id = 'YOUR_DOCUMENT_ID');

Java

    ApiClient client = Configuration.getDefaultApiClient(); 
     client.setApiKey("YOUR_API_KEY"); 
    DocumentApi documentApi = new DocumentApi(client); 
    File documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID", null);

Node js

    import { DocumentApi } from "boldsign"; 

    const documentApi = new DocumentApi(); 
    documentApi.setApiKey("YOUR_API_KEY"); 

    const documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID");

Step-by-step: How to download an audit trail for documents sent on behalf of others

Required query parameters:

documentId: The unique identifier of the signed document.
onBehalfOf: The email address of the sender on whose behalf you’re acting.

Use onBehalfOf only if the document was sent on behalf of someone else.

Tip: If onBehalfOf contains special characters such as + or spaces, make sure it is URL encoded.

When a document is sent by you on behalf of another person, the download audit trail operation can still be performed from your account by specifying that person’s email address in the onBehalfOf field. This ensures you can access the audit trail even if the document wasn’t directly sent from your own address.

cURL

    curl -X GET 'https://api.boldsign.com/v1/document/downloadAuditLog?documentId=YOUR_DOCUMENT_ID&onBehalfOf=ON_BEHALF_EMAIL' \ 
    -H 'accept: application/pdf' \ 
    -H 'X-API-KEY: {your-api-key}'

    var apiClient = new ApiClient("https://api.boldsign.com", "Your API-KEY"); 
    var documentClient = new DocumentClient(apiClient); 
    var documentStream = documentClient.DownloadAuditLog("YOUR_DOCUMENT_ID", "ON_BEHALF_EMAIL");

Python

    import boldsign 

    configuration = boldsign.Configuration(api_key="YOUR_API_KEY") 

    with boldsign.ApiClient(configuration) as api_client: 

        document_api = boldsign.DocumentApi(api_client) 
    document_stream = document_api.download_audit_log(document_id="YOUR_DOCUMENT_ID", on_behalf_of="ON_BEHALF_EMAIL")

PHP

    <?php require_once "vendor/autoload.php"; 
    use BoldSign\Configuration; 
    use BoldSign\Api\DocumentApi; 

    $config = new Configuration(); 
    $config->setApiKey('YOUR_API_KEY'); 

    $documentApi = new DocumentApi($config); 
    $document_stream = $documentApi->downloadAuditLog($document_id = 'YOUR_DOCUMENT_ID', $on_behalf_of = 'ON_BEHALF_EMAIL');

Java

    ApiClient client = Configuration.getDefaultApiClient(); 
     client.setApiKey("YOUR_API_KEY"); 
    DocumentApi documentApi = new DocumentApi(client); 
    File documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID","ON_BEHALF_EMAIL");

Node js

    import { DocumentApi } from "boldsign"; 

    const documentApi = new DocumentApi(); 
    documentApi.setApiKey("YOUR_API_KEY"); 

    const documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID","ON_BEHALF_EMAIL");

Real-world examples: How audit trails improve workflows

Example 1: Vendor contracts

A company automatically downloads the audit trail after every completed vendor contract and stores it alongside the signed PDF, reducing audit prep time and improving record consistency.

Example 2: Legal disputes

When a dispute arises, a legal team retrieves the audit trail to validate signing metadata such as signer identity, time stamps, IP address, and integrity checks, providing strong supporting evidence.

Managing audit trails with BoldSign APIs

Audit trails are a foundational safeguard when your eSignature workflows need to prove authenticity, legal compliance, and transparency. With BoldSign APIs, you can:

Download audit trails for documents you sent for signature.
Retrieve audit trails for documents you sent for signature on behalf of others.
Store audit trails alongside signed documents for audits, compliance reviews, or disputes.

Conclusion

Audit trails are a simple but powerful way to strengthen document authenticity and operational transparency. With the BoldSign API, downloading audit trail PDFs is straightforward, so you can keep reliable signing evidence available for whenever you need it.

For more details, refer to the BoldSign API documentation. If you need help setting this up in your workflow, reach out through the support portal or schedule a demo with our team.

Related blogs

Note: This blog was originally published at boldsign.com

DEV Community