Skip to main content

clinik.auditEvents

Audit Events (FHIR AuditEvent) record security-relevant events in your system. Audit events are immutable — they can be created and read, but not updated.

create

const { data, meta } = await clinik.auditEvents.create(request): Promise<ApiResponse<AuditEvent>>
FieldTypeRequiredDescription
typestringYesEvent type code (e.g. “rest”, “login”, “export”)
subtypestring[]NoEvent subtypes
actionstringNoAction code: C, R, U, D, E
recordedstringYesISO 8601 timestamp
outcomestringNo0=success, 4=minor, 8=serious, 12=major failure
outcomeDescstringNoOutcome description
purposeOfEventstring[]NoPurpose of the event
agentArrayYesWho was involved
agent[].whostringYesAgent identifier
agent[].namestringNoAgent display name
agent[].requestorbooleanYesWhether this agent initiated the event
agent[].rolestringNoAgent role
agent[].networkAddressstringNoNetwork address
sourceobjectYesEvent source
source.observerstringYesSource observer
source.sitestringNoSource site
source.typestringNoSource type
entityArrayNoEntities involved
entity[].whatstringNoEntity reference
entity[].typestringNoEntity type
entity[].rolestringNoEntity role
entity[].namestringNoEntity name
entity[].descriptionstringNoEntity description

Example

const { data } = await clinik.auditEvents.create({
  type: 'rest',
  action: 'R',
  recorded: new Date().toISOString(),
  outcome: '0',
  agent: [{
    who: 'prac_dr456',
    name: 'Dr. Smith',
    requestor: true,
    role: 'Practitioner',
    networkAddress: '192.168.1.100',
  }],
  source: {
    observer: 'ClinikAPI',
    site: 'Cloud',
    type: 'Application Server',
  },
  entity: [{
    what: 'Patient/pt_abc123',
    type: '1',
    role: '1',
    name: 'Patient Record',
  }],
});
Audit events support read, delete, and search — but not update. Search supports action, outcome, agent, dateFrom, dateTo filters.