History Recording
Procivis One maintains a single, centralized log of events across the entire deployment. This page explains how that log works: where events come from, what triggers an entry, and how write access is controlled. To search, filter, and export recorded events, see Searching and Reading History.
A single, centralized log
Core is the sole system of record for history. Other services in a Procivis One deployment (the Enterprise Backend, OpenID Bridge, Wallet-Relying Party Registry) do not keep their own separate audit logs. Instead, each forwards its events to Core's history API, which records them in one central store.
This means that regardless of which service in your deployment performed
an action, the resulting entry lands in the same log, searchable and
exportable through a single interface. Each entry's source field
identifies which service reported the event, so you can always trace an
entry back to its origin even though everything is stored centrally.
What creates a history entry
History entries represent state-changing events on the entities the platform manages, not every operation the system performs. Broadly, entries fall into a few categories:
- Creation and deletion of entities such as credentials, keys, certificates, and wallet units
- Lifecycle and status transitions, such as a credential being suspended or a wallet unit being revoked
- Completion of interactions, such as a credential being offered, shared, or accepted
- Domain-specific events particular to a given component, such as trust resolution or receipt of a Wallet-Relying Party Access or Registration Certificate
CHECK THESE
| Example entity | Example actions |
|---|---|
| Credential | Created, Offered, Issued, Pending, Accepted, Shared, Revoked |
| Wallet unit | Created, Activated, Issued, Pending, Revoked, Updated |
| Trust list subscription | Created, Updated, Deleted |
The table above is illustrative, not exhaustive. For the full set of
entity and action types, see the entityTypes[] and actions[] enums
of GET /api/history/v1.
How entries reach the log
Non-Core services never write to Core's database directly. Instead, they call Core's history API to submit events as they occur:
POST /api/history/v1— used by other services to forward an event to be recorded
See History in the Core API reference for full endpoint details.
Write access and permissions
Creating a history entry requires the HISTORY_CREATE permission,
assigned to the technical users representing the non-Core services that
report events to Core. This permission should never be assigned to a
real user; see Configuring Service History
for setup and why this matters.
Reading history is governed separately, through HISTORY_LIST /
HISTORY_DETAIL (scoped to your organization) or SYSTEM_HISTORY_LIST /
SYSTEM_HISTORY_DETAIL (cross-organization). See
Across organizations for how
query scope works.
No modification after creation
The history API provides no way to edit or delete an existing entry, only
to create new ones. Correcting or reversing a state is recorded as a new
entry (for example, a Revoked entry following an Issued one), never by
altering a previous entry. This makes the log append-only through the API;
direct access to the underlying database is outside the scope of this
guarantee.
Related pages
- Searching and Reading History — query, filter, and export recorded events
- Configuring Service History — enable history recording for a service