Skip to main content

Overview

The Tight API stores every modification to every entity along with details about each revision, e.g. the date and time, the editor, and the source of the change. An individual entity can be audited to see all revisions to that entity or the entry audit trail can be retrieved to view a chronological log of every action and the entities affected.

Audit an entity

All top-level entities in the Tight API support pulling their Audit Trail. This can be fetched via a URL of the form /v6/auditTrail/{id}. For example to audit a bank transaction, use the following request: 
curl -X GET 'https://sandbox.tight.com/v6/auditTrail/btn_936723' \
-H 'Authorization: Bearer <access_token>'
This will return a list of revisions for the specified bank transaction: 
{
    "result": "SUCCESS",
    "data": [{
        "company": {
          "id": "fake_companyId"
        },
        "editor": {
          "userId": "fake_userId",
          "email": "user@tight.com"
        },
        "action": "Transactions edited by user@tight.com",
        "datetime": "2025-06-17T14:24:32.926Z",
        "revision": {
            "id": "btn_936723",
            "category": {
              "id": "cat_354231"
            }
        }
    }],
    "error": []
}
For large audit trails, utilize pagination to retrieve all changes. See the pagination documentation for more information.

Review the full Audit Trail

The Tight API supports pulling the full audit trail for any company, providing all changes to all entities belonging to that company in a chronological order: 
curl -X POST 'https://sandbox.tight.com/v6/auditTrail/query' \
-H 'Authorization: Bearer <access_token>'
This will return all audit trail entries: 
{
    "result": "SUCCESS",
    "data": [{
        "company": {
          "id": "fake_companyId"
        },
        "editor": {
          "userId": "fake_userId",
          "email": "user@tight.com"
        },
        "action": "Transactions edited by user@tight.com",
        "datetime": "2025-06-17T14:24:32.926Z",
        "revisions": [{
            "id": "btn_936723",
            "category": {
              "id": "cat_354231"
            }
        },
        {
            "id": "btn_936724",
            "category": {
              "id": "cat_354231"
            }
        }]
    }],
    "error": []
}
The entries returned in the above audit trail are determined by the access_token used. See the Authentication docs for more info.

Editors

When modifications are made to an entity in the Tight API, the access_token used to make those edits determines the editor on the associated audit trail entry. If a userId was used to generate the access_token, edits made using that access token will reflect that user on the audit trail. If a userId was not used, i.e. Partner-level authentication is being used to access the Tight API, the audit trail will reflect your platform’s name as the editor on the audit trail.

Audit a specific editor

The full Audit Trail can be filtered to a specific editor to audit changes made by a specific user, e.g. a bookkeeper across all companies: 
curl -X POST https://sandbox.tight.com/v6/auditTrail/query \
-H 'Authorization: Bearer <access_token>' \
-D '{
      "filter": {
        "editor": {
          "userId": {
            "equal": "fake_bookkeeper_userId"
          }
        }
      }
    }'
This will return all Audit Trail entries caused by Bookkeeper fake_bookkeeper_userId.