signedapproval
Help Center

Log Sinks

Stream audit events to external webhook endpoints for compliance logging, SIEM integration, and real-time monitoring.

Key Concepts

Log sinks stream audit events from SignedApproval to external webhook endpoints in real time. Unlike webhooks (which are per-request callbacks), log sinks capture all events across your account: approvals created, decisions made, verifications performed, keys created, and more.

Log sink configurations are stored in signedapproval_log_sinks, and delivery attempts are tracked in signedapproval_log_sink_deliveries.

Configure a Log Sink
1

Open log sink settings

Go to Dashboard → Settings → Log Sinks and click Add Sink.

2

Configure the endpoint

Enter the webhook URL where events should be delivered. This must be an HTTPS endpoint that accepts POST requests. Common destinations:

  • Datadog (via webhook intake endpoint)
  • Splunk HEC (HTTP Event Collector)
  • Elastic/Logstash (HTTP input plugin)
  • Custom compliance logging service
  • n8n or Zapier webhook triggers
3

Select event types

Choose which event types to stream:

  • approval.created -- New approval request created
  • approval.decided -- Approval approved or rejected
  • approval.expired -- Approval TTL elapsed
  • approval.verified -- Signature verification performed
  • key.created -- New API key created
  • key.revoked -- API key revoked

Event Payload Format

JSON
{
  "event_type": "approval.decided",
  "timestamp": "2026-03-23T14:02:30.000Z",
  "approver_id": "6384fc4f-dc2d-406d-...",
  "data": {
    "request_id": "req_abc123",
    "action": "Deploy v2.1.0 to production",
    "decision": "approved",
    "method": "passkey",
    "caller_key_name": "CI Pipeline",
    "ttl_seconds": 3600
  }
}

Delivery Tracking

Every delivery attempt is recorded with:

  • HTTP status code received
  • Delivery timestamp
  • Success or failure status
  • Response body (for debugging)

View delivery history in Settings → Log Sinks by clicking on a configured sink.

Log Sinks vs. Webhooks

  • Webhooks are per-request callbacks configured when creating an approval request. They notify the caller about their specific request.
  • Log sinks are account-wide event streams configured in settings. They capture all events for compliance, monitoring, and analytics.

Use webhooks for real-time application logic (e.g., trigger a deployment after approval). Use log sinks for audit trails and compliance (e.g., send all events to Splunk for SOC analysis).

Note
Log sink endpoints must respond with a 2xx status code within 10 seconds. Slow or unresponsive endpoints will have deliveries marked as failed.
Tip
For compliance requirements (SOC 2, HIPAA), configure a log sink to an immutable log storage service. The events include enough detail to reconstruct the entire approval lifecycle.
Related Articles
WebhooksDashboard OverviewHow Approvals Work