Query access and audit activity
Access audit answers “who opened what, when” for offices, hotels, and campuses. OpenApp records operational activity in the dashboard audit views and surfaces usage on access invites; automation should preserve correlationId from API errors for support trails.
This guide is for operators and integrators building compliance workflows. There is no dedicated public “list all audit events” HTTP API in the current OpenAPI bundle — use dashboard review plus the signals below until a machine-readable audit export ships.
What you can use today
Section titled “What you can use today”| Signal | Where | Automation |
|---|---|---|
| Dashboard audit / activity | Product UI | Primary review for humans |
Invite max_uses / usage counts | GET/PUT access invites | Track guest link consumption |
API correlationId | ApiErrorResponse on failed calls | Tie agent logs to server traces |
| Entity action success | POST .../actions/{action_id} | Log entity id + timestamp in your app |
See Errors & retries for error body shape.
Invite usage (proxy for guest access)
Section titled “Invite usage (proxy for guest access)”List or fetch invites on the Virtual Access integration to see how often a guest link was used:
export OPENAPP_API_BASE='https://api.openapp.house/api/v1'export OPENAPP_API_KEY='v1_openapp_YOUR_SECRET'export OPENAPP_ORG_ID='01HORG00000000000000000000'export INTEGRATION_ID='01HINTEGRATION00000000000000'export INVITE_LINK_ID='01HINVITE000000000000000000'
curl -sS \ -H "Authorization: Bearer ${OPENAPP_API_KEY}" \ -H "X-Org: ${OPENAPP_ORG_ID}" \ "${OPENAPP_API_BASE}/integrations/${INTEGRATION_ID}/access-invites/${INVITE_LINK_ID}"Response fields include usage counters and validity windows — see Integrations — access invites.
Python (SDK)
Section titled “Python (SDK)”edited = await client.integrations.update_access_invite( integration_id, invite_link_id, is_enabled=True,)# Inspect returned payload for usage / validity in your deployment.Log physical actions from your integration
Section titled “Log physical actions from your integration”When your PMS or agent calls switchable.open, record the entity id, org id, and timestamp in your system of record:
curl -sS -X POST \ -H "Authorization: Bearer ${OPENAPP_API_KEY}" \ -H "Content-Type: application/json" \ -H "X-Org: ${OPENAPP_ORG_ID}" \ -d '{}' \ "${OPENAPP_API_BASE}/entities/${ENTITY_ID}/actions/switchable.open"On failure, parse JSON for correlationId:
from openapp_sdk.errors import ApiError
try: await client.entities.by_id(entity_id).open()except ApiError as err: log_correlation(err.correlation_id, entity_id=entity_id)Sector notes
Section titled “Sector notes”- Office / campus: central admins review dashboard audit; agents should not replace formal access reviews.
- Hotel: pair PMS checkout webhooks with invite disable — time-bound guest invitation.