Flow Studio
Approval Audit Trail
Every individual decision is permanently recorded in Process_ApprovalDecisions. Query the audit trail via the API for compliance reporting, SOX audit evidence, or dispute resolution.
Audit Trail API
// Full decision log for a specific approval task
GET /api/approvals/{executionId}/{nodeId}/decisions
Response:
[
{
"actorId" : "user-finance-head",
"actorName" : "Alice Chen",
"decision" : "Rejected",
"comment" : "Budget exceeds quarterly limit.",
"decidedAt" : "2026-05-25T10:30:00Z",
"isEscalated": false,
"isAutoDecided": false
},
{
"actorId" : "user-ceo",
"actorName" : "Bob Smith (Escalated)",
"decision" : "Approved",
"comment" : "Override approved — strategic necessity.",
"decidedAt" : "2026-05-25T14:15:00Z",
"isEscalated": true,
"isAutoDecided": false
}
]Immutability
Once a decision row is written to Process_ApprovalDecisions, it cannot be modified or deleted through the API. The table has no update or delete endpoints. Decisions are permanent — this is by design for audit integrity.
Retention and Export
| Concern | Behaviour |
|---|---|
| Retention period | Configurable per tenant — default 7 years for compliance workflows |
| Export format | JSON via GET /api/approvals/export?tenantId=...&dateFrom=...&dateTo=... |
| Encryption at rest | Stored in the same encrypted database as other process data |
| PII in comments | Comments may contain PII — apply data classification policies |
Viewing in the Observer Panel
In the Flow Studio Observer Panel, clicking an Approval node in the Node List tab shows the approval decisions in the Node Inspector tab. Each decision is displayed with actor name, decision, timestamp, and comment.
Integration with compliance systems: For SOX, ISO 27001, or GDPR compliance workflows, extract the approval audit trail via the export API and feed it into your compliance reporting platform. The
isEscalated and isAutoDecided flags help auditors understand when human judgment was applied vs. automated fallbacks.