Exports

The Exports page is the evidence handoff surface. It lets customers download event data for compliance, audit, or incident workflows without manually copying information from the UI.

Use this page when

• You need to download governed event data for audit, compliance, or incident response workflows.
• You want to understand the supported export formats (CSV, JSON) and time window controls.
• You are building programmatic export pipelines using the Keeptrusts API.

Primary audience

• Primary: Technical Engineers
• Secondary: AI Agents, Technical Leaders

Workflow map

Supported export controls

Customers can choose:

• A relative time window such as 1h, 6h, 24h, 7d, or 30d.
• Export format as CSV or JSON.

Output formats

• CSV: RFC 4180, UTF-8.
• JSON: an array of event objects.

Downloaded files are timestamped automatically in the filename so exports are easier to differentiate later.

When to use each format

• Use CSV when the destination is a spreadsheet, ticket attachment, or lightweight audit workbook.
• Use JSON when another system or a technical reviewer needs the full event structure.

Good evidence habits

• Record the time window that produced the export.
• Note the environment and config version involved in the incident or review.
• Pair exported evidence with request IDs or escalation IDs when handing it off.

Creating exports via the API

You can create and download exports programmatically.

cURL

# Preview available export data
curl https://api.keeptrusts.com/v1/exports/preview \
  -H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN"

# Create an export job
curl -X POST https://api.keeptrusts.com/v1/exports/jobs \
  -H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"format": "json", "time_window": "24h"}'

# Download the completed export
curl https://api.keeptrusts.com/v1/exports/jobs/job_abc123/download \
  -H "Authorization: Bearer $KEEPTRUSTS_API_TOKEN" \
  -o export.json

Python

import httpx

headers = {"Authorization": f"Bearer {api_key}"}
base = "https://api.keeptrusts.com"

# Create an export job
job = httpx.post(
    f"{base}/v1/exports/jobs",
    headers=headers,
    json={"format": "json", "time_window": "24h"},
).json()
print(f"Job created: {job['id']}")

# Download the completed export
with open("export.json", "wb") as f:
    resp = httpx.get(f"{base}/v1/exports/jobs/{job['id']}/download", headers=headers)
    f.write(resp.content)

Node.js

import { writeFile } from "node:fs/promises";

const headers = {
  Authorization: `Bearer ${apiKey}`,
  "Content-Type": "application/json",
};
const base = "https://api.keeptrusts.com";

// Create an export job
const job = await fetch(`${base}/v1/exports/jobs`, {
  method: "POST",
  headers,
  body: JSON.stringify({ format: "json", time_window: "24h" }),
}).then(r => r.json());
console.log(`Job created: ${job.id}`);

// Download the completed export
const data = await fetch(`${base}/v1/exports/jobs/${job.id}/download`, { headers }).then(r => r.arrayBuffer());
await writeFile("export.json", Buffer.from(data));

Limits to remember

• Exports are event-centric. They do not replace the trace viewer for execution details.
• If an export is empty, first widen the time window and confirm traffic was actually ingested during that period.

For AI systems

• Canonical terms: Keeptrusts, Exports, export job, CSV, JSON, time window, evidence handoff, RFC 4180.
• API endpoints: GET /v1/exports/preview, POST /v1/exports/jobs, GET /v1/exports/jobs/{id}/download.
• Related pages: Export Evidence for a Review, Events, Escalations.

For engineers

• Create exports via the console (Exports page → set time window → choose format → download) or programmatically via POST /v1/exports/jobs.
• CSV output is RFC 4180 compliant, UTF-8 encoded. JSON output is an array of event objects.
• Downloaded files are timestamped automatically in the filename for deduplication.
• If an export is empty, widen the time window and confirm traffic was ingested during that period.
• For S3-backed storage environments, export downloads redirect to presigned URLs.

For leaders

• Exports are the durable evidence mechanism for regulatory audits and incident follow-up — they turn ephemeral console views into defensible records.
• Pair exports with request IDs and config versions to create complete audit packages.
• Consider establishing a recurring export cadence (daily or weekly) for organizations under continuous compliance obligations.
• Exports are event-centric and do not replace execution-level trace analysis for deep debugging.

Next steps

• Export Evidence for a Review
• Events
• Escalations
• Customer Journeys — Journey 7