How to Download an Audit Trail PDF Using the BoldSign API

TL;DR: Download BoldSign audit trail PDFs (signer, timestamps, IPs, events) via GET /v1/document/downloadAuditLog using documentId.

When documents are signed, you need proof, not just signatures. Audit trails provide tamper-evident evidence of who signed, when, and from where. In this guide, you’ll learn how to download audit trail PDFs programmatically using the BoldSign API.

Why would you use BoldSign audit trails

In BoldSign, an audit trail helps you:

• Protect documents with a verified signing history
• Confirm signer identities and time stamps
• Reduce legal risk with tamper-evident evidence
• Support legal compliance by storing accurate records
• Improve transparency by capturing each signing event

When does audit trail management matter most

Audit trails are especially critical when:

• Multiple departments handle contracts with vendors, clients, or employees
• Legal teams require a verified signing history for disputes
• Compliance audits demand proof of document integrity
• Organizations must store tamper-evident audit trail records alongside signed documents

What you’ll need before calling the audit trail API

Make sure you have:

• A BoldSign account (sandbox or production)
• An API key (or OAuth2 access token) to call BoldSign APIs over HTTPS
• A REST client such as curl, Postman, or your preferred HTTP library
• The  documentId of the signed document
• The onBehalfOf  email address if the document was sent on behalf of another person (Optional)

For more details refer to API documentation.

Authentication headers

Use one of the following:

• API Key: X-API-KEY: <your key>
• OAuth2: Authorization: Bearer <access_token>

Which endpoint do you use to download audit trails

You use the same endpoint for both regular and on-behalf signature requests.

Step-by-step: How to download an audit trail for a regular document

Required query parameter:

• documentId: The unique identifier of the signed document.

curl -X GET 'https://api.boldsign.com/v1/document/downloadAuditLog?documentId={Your document Id}' \ 
     -H 'accept: application/pdf' \ 
     -H 'X-API-KEY: {your-api-key}' 
    

var apiClient = new ApiClient("https://api.boldsign.com", "Your API-KEY"); 
var documentClient = new DocumentClient(apiClient); 
var documentStream = documentClient.DownloadAuditLog("YOUR_DOCUMENT_ID"); 
    

import boldsign 
 
configuration = boldsign.Configuration(api_key="YOUR_API_KEY") 
 
with boldsign.ApiClient(configuration) as api_client: 
 
    document_api = boldsign.DocumentApi(api_client) 
document_stream = document_api.download_audit_log(document_id="YOUR_DOCUMENT_ID") 
    

<?php require_once "vendor/autoload.php"; 
use BoldSign\Configuration; 
use BoldSign\Api\DocumentApi; 
 
$config = new Configuration(); 
$config->setApiKey('YOUR_API_KEY'); 
 
$documentApi = new DocumentApi($config); 
$document_stream = $documentApi->downloadAuditLog($document_id = 'YOUR_DOCUMENT_ID'); 
    

ApiClient client = Configuration.getDefaultApiClient(); 
 client.setApiKey("YOUR_API_KEY"); 
DocumentApi documentApi = new DocumentApi(client); 
File documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID", null); 
    

import { DocumentApi } from "boldsign"; 
 
const documentApi = new DocumentApi(); 
documentApi.setApiKey("YOUR_API_KEY"); 
 
const documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID"); 
    

Step-by-step: How to download an audit trail for documents sent on behalf of others

Required query parameters:

• documentId: The unique identifier of the signed document.
• onBehalfOf: The email address of the sender on whose behalf you’re acting.

Use onBehalfOf only if the document was sent on behalf of someone else.

Tip: If onBehalfOf contains special characters such as + or spaces, make sure it is URL encoded.

When a document is sent by you on behalf of another person, the download audit trail operation can still be performed from your account by specifying that person’s email address in the onBehalfOf field. This ensures you can access the audit trail even if the document wasn’t directly sent from your own address.

curl -X GET 'https://api.boldsign.com/v1/document/downloadAuditLog?documentId=YOUR_DOCUMENT_ID&onBehalfOf=ON_BEHALF_EMAIL' \ 
-H 'accept: application/pdf' \ 
-H 'X-API-KEY: {your-api-key}' 
    

var apiClient = new ApiClient("https://api.boldsign.com", "Your API-KEY"); 
var documentClient = new DocumentClient(apiClient); 
var documentStream = documentClient.DownloadAuditLog("YOUR_DOCUMENT_ID", "ON_BEHALF_EMAIL"); 
    

import boldsign 
 
configuration = boldsign.Configuration(api_key="YOUR_API_KEY") 
 
with boldsign.ApiClient(configuration) as api_client: 
 
    document_api = boldsign.DocumentApi(api_client) 
document_stream = document_api.download_audit_log(document_id="YOUR_DOCUMENT_ID", on_behalf_of="ON_BEHALF_EMAIL") 
    

<?php require_once "vendor/autoload.php"; 
use BoldSign\Configuration; 
use BoldSign\Api\DocumentApi; 
 
$config = new Configuration(); 
$config->setApiKey('YOUR_API_KEY'); 
 
$documentApi = new DocumentApi($config); 
$document_stream = $documentApi->downloadAuditLog($document_id = 'YOUR_DOCUMENT_ID', $on_behalf_of = 'ON_BEHALF_EMAIL'); 
    

ApiClient client = Configuration.getDefaultApiClient(); 
 client.setApiKey("YOUR_API_KEY"); 
DocumentApi documentApi = new DocumentApi(client); 
File documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID","ON_BEHALF_EMAIL");
    

import { DocumentApi } from "boldsign"; 
 
const documentApi = new DocumentApi(); 
documentApi.setApiKey("YOUR_API_KEY"); 
 
const documentStream = documentApi.downloadAuditLog("YOUR_DOCUMENT_ID","ON_BEHALF_EMAIL");
    

Real-world examples: How audit trails improve workflows

Example 1: Vendor contracts

A company automatically downloads the audit trail after every completed vendor contract and stores it alongside the signed PDF, reducing audit prep time and improving record consistency.

Example 2: Legal disputes

When a dispute arises, a legal team retrieves the audit trail to validate signing metadata such as signer identity, time stamps, IP address, and integrity checks, providing strong supporting evidence.

Managing audit trails with BoldSign APIs

Audit trails are a foundational safeguard when your eSignature workflows need to prove authenticity, legal compliance, and transparency. With BoldSign APIs, you can:

• Download audit trails for documents you sent for signature.
• Retrieve audit trails for documents you sent for signature on behalf of others.
• Store audit trails alongside signed documents for audits, compliance reviews, or disputes.

Conclusion

Audit trails are a simple but powerful way to strengthen document authenticity and operational transparency. With the BoldSign API, downloading audit trail PDFs is straightforward, so you can keep reliable signing evidence available for whenever you need it.

For more details, refer to the BoldSign API documentation.

Try BoldSign for free and If you need help setting this up in your workflow, reach out through the support portal or schedule a demo with our team.

Frequently asked questions