Skip to content

GET /api/v1/admin/orgs/:slug/security/probes

This page is auto-generated from src/admin/routes.ts. Do not edit by hand — see docs/dev/docs-auto-sync.md.

:warning: Heuristic extraction — not a contract. Response shapes below are mined from c.json(...) literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.

GET /api/v1/admin/orgs/:slug/security/probes

Section titled “GET /api/v1/admin/orgs/:slug/security/probes”

Requires the following capability(ies):

  • audit:r

Other middleware observed on this route (heuristic):

  • requireCapability

--- Per-org “you are being probed” view (#584) -----------------------------

Customer-facing read of failed_auth_attempts filtered to rows attributed to this tenant. Attribution is request-path-based today (#584 Phase A — /api/v1/admin/orgs//… and /admin/ui/orgs//… land on this tenant) — proxy-surface attribution waits for the hostname-mapping decision in #575.

Default excludes synthetic-probe rows (#589’s is_synthetic column) so the customer’s view is real attacks only.

#584 — gated on audit:r (the same capability that gates the per-tenant audit log; this surface IS forensics for the org).

{
"error": "Org not found"
}
{
"org": <member-expr>,
"windowHours": 24,
"count": <member-expr>,
"events": <rows>
}
  • File: src/admin/routes.ts
  • Line: 7729