> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authsignal.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Action

> Get detailed information on a tracked action.



## OpenAPI

````yaml server-api GET /users/{userId}/actions/{action}/{idempotencyKey}
openapi: 3.0.0
info:
  description: Authsignal's Server API.
  version: 1.0.0
  title: Server API
  termsOfService: https://www.authsignal.com/legal/terms-of-service
  contact:
    email: hello@authsignal.com
servers:
  - url: https://api.authsignal.com/v1
  - url: https://au.api.authsignal.com/v1
  - url: https://eu.api.authsignal.com/v1
  - url: https://ca.api.authsignal.com/v1
security:
  - basicAuth: []
tags:
  - name: users
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenge
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: authenticator configurations
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: actions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: query
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: email
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sms
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: verify
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: challenges
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: sessions
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
  - name: devices
    description: ''
    externalDocs:
      description: Find out more
      url: https://docs.authsignal.com
externalDocs:
  description: Find out more about Authsignal
  url: https://docs.authsignal.com
paths:
  /users/{userId}/actions/{action}/{idempotencyKey}:
    get:
      tags:
        - users
      summary: Get action
      description: Get detailed information on a tracked action.
      operationId: getAction
      parameters:
        - $ref: '#/components/parameters/userId'
        - $ref: '#/components/parameters/action'
        - $ref: '#/components/parameters/idempotencyKey'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetActionResponseBody'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
components:
  parameters:
    userId:
      name: userId
      in: path
      description: The ID of the user.
      required: true
      schema:
        type: string
    action:
      name: action
      in: path
      description: >-
        A short human-readable code which defines the action that the user is
        performing, e.g. `signIn`. This value will be displayed in the
        Authsignal Portal and can be used to configure rules for authentication
        events with differing risk profiles. Values are validated with the
        following regex: `^[a-zA-Z0-9_-]{(1, 64)}$`.
      required: true
      schema:
        type: string
    idempotencyKey:
      name: idempotencyKey
      in: path
      description: The unique key which identifies the particular action which was tracked.
      required: true
      schema:
        type: string
  schemas:
    GetActionResponseBody:
      type: object
      properties:
        state:
          $ref: '#/components/schemas/ActionState'
        createdAt:
          type: string
          format: date-time
          description: >-
            The time in ISO 8061 format when the action was first created via
            track.
        stateUpdatedAt:
          type: string
          format: date-time
          description: >-
            The time in ISO 8061 format when the state of the action was last
            updated.
        output:
          $ref: '#/components/schemas/ActionOutput'
        verificationMethod:
          $ref: '#/components/schemas/VerificationMethod'
        verifiedByAuthenticatorId:
          type: string
          description: >-
            The ID of the authenticator which was used to complete the challenge
            associated with the action.
        priorityRuleId:
          type: string
          description: >-
            The ID of the rule that had the highest priority and determined the
            `state` of the user action.
        ruleIds:
          type: array
          items:
            type: string
          description: The IDs of the triggered rules.
        rules:
          type: array
          description: >-
            A snapshot of the triggered rules at the time the user action was
            tracked, ordered by priority.
          items:
            type: object
            properties:
              ruleId:
                type: string
              name:
                type: string
              description:
                type: string
              metadata:
                type: object
    ActionState:
      type: string
      enum:
        - ALLOW
        - BLOCK
        - CHALLENGE_REQUIRED
        - CHALLENGE_FAILED
        - CHALLENGE_SUCCEEDED
        - REVIEW_REQUIRED
        - REVIEW_FAILED
        - REVIEW_SUCCEEDED
      description: The current state of the action.
    ActionOutput:
      type: object
      properties:
        custom:
          type: object
          description: The custom data passed as input when tracking the action.
        device:
          type: object
          properties:
            attestationResult:
              $ref: '#/components/schemas/AttestationResult'
          description: Device information associated with the action.
      description: >-
        The output produced by the rules engine when determining if the action
        requires a challenge.
    VerificationMethod:
      type: string
      enum:
        - SMS
        - AUTHENTICATOR_APP
        - EMAIL_MAGIC_LINK
        - EMAIL_OTP
        - PUSH
        - DEVICE
        - SECURITY_KEY
        - PASSKEY
        - VERIFF
        - IPROOV
        - PALM_BIOMETRICS_RR
        - IDVERSE
    Error:
      type: object
      properties:
        error:
          type: string
        errorDescription:
          type: string
      required:
        - error
    AttestationResult:
      type: object
      properties:
        verdict:
          type: string
          enum:
            - VALID
            - FAILED_INTEGRITY
            - FAILED_APP_IDENTITY
            - FAILED_DEVICE
            - ERROR
          description: The overall attestation verdict.
        provider:
          type: string
          enum:
            - APP_ATTEST
            - PLAY_INTEGRITY
          description: The attestation provider used.
        deviceIntegrity:
          type: boolean
          description: Whether the device passed integrity checks (not rooted/jailbroken).
        appIntegrity:
          type: boolean
          description: Whether the calling app matches the expected package/bundle.
        riskMetric:
          type: number
          description: >-
            iOS only. Approximate count of unique attestations for this device
            over the past 30 days.
        keyId:
          type: string
          description: iOS only. The attestation key identifier.
        bundleId:
          type: string
          description: iOS only. The matched bundle identifier.
        deviceActivityLevel:
          type: string
          description: >-
            Android only. Token request volume level: LEVEL_1 (low) to LEVEL_4
            (high).
        playProtectVerdict:
          type: string
          description: >-
            Android only. Play Protect malware status: NO_ISSUES, MEDIUM_RISK,
            HIGH_RISK, etc.
        deviceRecognitionVerdict:
          type: array
          items:
            type: string
          description: >-
            Android only. Device integrity labels (e.g. MEETS_BASIC_INTEGRITY,
            MEETS_DEVICE_INTEGRITY, MEETS_STRONG_INTEGRITY).
        appRecognitionVerdict:
          type: string
          description: >-
            Android only. App recognition verdict: PLAY_RECOGNIZED,
            UNRECOGNIZED_VERSION, UNEVALUATED.
        appLicensingVerdict:
          type: string
          description: >-
            Android only. App licensing verdict: LICENSED, UNLICENSED,
            UNEVALUATED.
        sdkVersion:
          type: number
          description: Android only. Android SDK version of the OS running on the device.
        requestPackageName:
          type: string
          description: Android only. The package name from the request.
        versionCode:
          type: string
          description: Android only. The app version code.
        appAccessRiskVerdict:
          type: array
          items:
            type: string
          description: >-
            Android only. Apps detected on device by App Access Risk (e.g.
            KNOWN_INSTALLED, UNKNOWN_INSTALLED).
      required:
        - verdict
        - provider
        - deviceIntegrity
        - appIntegrity
  responses:
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Not Found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
      description: >-
        Use your Authsignal Server API secret key as the username and leave the
        password empty. The secret key can be found in the API Keys section of
        the Authsignal Portal settings page.

````