GET /api/v1/admin/orgs/:slug/security/probes
This page is auto-generated from
src/admin/routes.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
:warning: Heuristic extraction — not a contract. Response shapes below are mined from
c.json(...)literals in the handler via an AST walker. Computed fields, ternaries, and non-literal returns are shown as placeholders. Refer to the linked source file for the authoritative behaviour.
GET /api/v1/admin/orgs/:slug/security/probes
Section titled “GET /api/v1/admin/orgs/:slug/security/probes”Authentication
Section titled “Authentication”Requires the following capability(ies):
audit:r
Middleware
Section titled “Middleware”Other middleware observed on this route (heuristic):
requireCapability
Description
Section titled “Description”--- Per-org “you are being probed” view (#584) -----------------------------
Customer-facing read of failed_auth_attempts filtered to rows attributed
to this tenant. Attribution is request-path-based today (#584 Phase A —
/api/v1/admin/orgs/
Default excludes synthetic-probe rows (#589’s is_synthetic column) so
the customer’s view is real attacks only.
#584 — gated on audit:r (the same capability that gates the per-tenant audit log; this surface IS forensics for the org).
Responses
Section titled “Responses”HTTP 404
Section titled “HTTP 404”{ "error": "Org not found"}HTTP 200 (default)
Section titled “HTTP 200 (default)”{ "org": <member-expr>, "windowHours": 24, "count": <member-expr>, "events": <rows>}Source
Section titled “Source”- File:
src/admin/routes.ts - Line: 7729