> ## Documentation Index
> Fetch the complete documentation index at: https://docs.godiligent.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# List Monitoring Runs

> Retrieve a paginated list of monitoring runs (executions), regardless of whether they produced alerts.

## Overview

Retrieve a paginated list of monitoring runs for the authenticated customer. A "run" is one execution of a monitoring, returned whether or not it produced alerts — useful for reconciliation against your own records.

Queries are bounded to a maximum 60-day window per request. If you do not pass `from` and `to`, the endpoint returns the last 30 days.

## Request

* **Method**: `GET`
* **Path**: `/monitoring-executions`
* **Query Parameters**: All optional

### Query Parameters

* `from` (ISO 8601 string, optional) - Start of the window. Defaults to 30 days before `to`.
* `to` (ISO 8601 string, optional) - End of the window. Defaults to now.
* `page_size` (integer, optional) - Number of runs per page
  * Default: 10
  * Range: 1-100
* `next_token` (string, optional) - Pagination token for next page (Base64-encoded)

### Example Request

```
GET /monitoring-executions?from=2026-04-01T00:00:00Z&to=2026-04-30T00:00:00Z&page_size=50
```

## Success Response

* **Status**: 200 OK

### Response Body

* `items` (array) - List of monitoring run summaries
  * `id` (string) - Unique identifier for the run
  * `monitoring_id` (string) - ID of the monitoring this run belongs to
  * `website` (string) - Website that was monitored
  * `execution_time` (string) - ISO 8601 timestamp of when the run was executed
  * `external_id` (string|null) - External reference ID (null if not set)
  * `alert_count` (integer) - Number of alerts produced by the run (0 if none)
* `next_token` (string|null) - Token for next page (null if no more pages)

### Example Response

```json theme={null}
{
  "items": [
    {
      "id": "d6e3b214-30b1-4401-a1b8-a1bd3c6a84e4",
      "monitoring_id": "8f1e8e3a-4f4f-4f4f-8f4f-4f4f4f4f4f4f",
      "website": "https://example.com",
      "execution_time": "2026-05-21T12:34:56.000Z",
      "external_id": "ref-123",
      "alert_count": 0
    }
  ],
  "next_token": null
}
```

## Error Handling

* **400 Bad Request**
  * Invalid `from` or `to` (must be ISO 8601 date-time)
  * `from` is after `to`
  * Date range exceeds 60 days
  * Invalid `page_size`
  * Example: `{ "error": "Date range cannot exceed 60 days" }`
* **401 Unauthorized**
  * Missing or invalid customer authentication
* **500 Internal Server Error**
  * Unexpected server error

## Pagination

Cursor-based pagination with Base64-encoded tokens:

1. First request: Don't include `next_token`
2. Subsequent requests: Use the `next_token` from the previous response
3. Last page: `next_token` will be `null`


## OpenAPI

````yaml GET /monitoring-executions
openapi: 3.0.1
info:
  version: 1.5.0
  title: Diligent
  description: >
    Download Postman collection
    [here](https://docs.godiligent.ai/files/postman_collection.json).
servers:
  - url: https://api.godiligent.ai
    description: Production
  - url: https://api.sandbox.godiligent.ai
    description: Sandbox
security:
  - xApiKey: []
tags:
  - name: CDD
    description: Customer Due Diligence
  - name: Company
    description: Company Information
  - name: Blocked Companies
    description: Manage blocked companies
  - name: Monitorings
    description: Website monitoring and alerts for changes and risks
  - name: Webhooks
    description: >

      ## How to Secure Webhook Deliveries

      To ensure that webhook payloads are securely transmitted and verified.
      This guide explains how to configure and validate

      webhook deliveries using a shared secret.


      ### How It Works


      When setting up a webhook, a secret is configured on both the sender (our
      system) and the receiver (your endpoint). Each

      webhook payload is signed using this secret, allowing the receiver to
      verify its authenticity.


      #### Step 1: Configuring Your Webhook Secret


      1. When creating a webhook in our system, specify a unique secret key.
      This secret should be a strong, randomly

      generated string.

      2. Store this secret securely on your server; it should never be exposed
      publicly.


      #### Step 2: Receiving Webhook Payloads


      When your server receives a webhook event, the request will include an
      `X-Signature` header containing a HMAC signature

      of the payload.


      Example header:


      ```

      X-Signature: sha256=abcdef1234567890...

      ```


      #### Step 3: Validating the Webhook Signature


      To verify the webhook payload:


      1. Retrieve the `X-Signature` value from the request headers.

      2. Compute the HMAC SHA-256 signature of the request payload using your
      webhook secret.

      3. Compare the computed signature with the one in the `X-Signature`
      header.

      4. If they match, the webhook is valid.


      #### (Python)


      ```python

      import hashlib

      import hmac

      import json


      def verify_webhook_signature(secret, payload, signature):
        computed_signature = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
        expected_signature = f"sha256={computed_signature}"
        return hmac.compare_digest(expected_signature, signature)

      # Example usage:

      secret = "your_webhook_secret"

      payload = json.dumps({"event": "example"})

      received_signature = "sha256=abcdef1234567890..."


      if verify_webhook_signature(secret, payload, received_signature):
        print("Valid webhook received!")
      else:
        print("Invalid webhook signature!")
      ```


      #### (JavaScript)


      ```javascript

      const crypto = require('crypto');


      function verifyWebhookSignature (secret, payload, signature) {

      const computedSignature = `sha256=${crypto.createHmac('sha256', secret)

      .update(payload)

      .digest('hex')}`;

      return crypto.timingSafeEqual(Buffer.from(computedSignature),
      Buffer.from(signature));

      }


      // Example usage:

      const secret = "your_webhook_secret";

      const payload = JSON.stringify({ event: "example" });

      const receivedSignature = "sha256=abcdef1234567890...";


      if (verifyWebhookSignature(secret, payload, receivedSignature)) {

      console.log("Valid webhook received!");

      } else {

      console.log("Invalid webhook signature!");

      }

      ```


      #### Security Considerations


      - Always use HTTPS to prevent interception of webhook payloads.

      - Reject webhook requests that fail signature validation.

      - Rotate secrets periodically to enhance security.


      By following this guide, you ensure that webhook deliveries are secure and
      trusted.
  - name: Instant Screening (experimental)
    description: Instant Website Screening API
  - name: Name Screening
    description: Name screening search, alert management and remediation
paths:
  /monitoring-executions:
    get:
      tags:
        - Monitorings
      summary: List monitoring runs
      description: >-
        Retrieve a paginated list of monitoring runs (executions) for the
        authenticated customer, regardless of whether they produced alerts.
        Useful for reconciliation. Defaults to the last 30 days when no dates
        are supplied; maximum window is 60 days.
      parameters:
        - name: from
          in: query
          required: false
          schema:
            type: string
            format: date-time
          description: Start of the window (ISO 8601). Defaults to 30 days before `to`.
        - name: to
          in: query
          required: false
          schema:
            type: string
            format: date-time
          description: End of the window (ISO 8601). Defaults to now.
        - name: page_size
          in: query
          required: false
          schema:
            type: integer
            minimum: 1
            maximum: 100
            default: 10
          description: Number of runs per page (1-100, default 10)
        - name: next_token
          in: query
          required: false
          schema:
            type: string
          description: Pagination token for next page (Base64-encoded)
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/MonitoringExecutionsListResponse'
        '400':
          description: >-
            Bad Request (invalid dates, range exceeds 60 days, or invalid
            page_size)
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidationError'
        '401':
          description: Unauthorized
        '500':
          description: Internal Server Error
      security:
        - xApiKey: []
components:
  schemas:
    MonitoringExecutionsListResponse:
      type: object
      properties:
        items:
          type: array
          items:
            $ref: '#/components/schemas/MonitoringExecution'
        next_token:
          type: string
          nullable: true
          description: Pagination token for next page (null if last page)
          example: >-
            eyJjdXN0b21lcklkIjp7IlMiOiI2OWRmNWQ4MS0yYjc0LTRmNDItYTQwMS0xM2ViOTZiYTA2MTkifSwiZXhlY3V0aW9uVGltZSI6eyJTIjoiMjAyNS0wNy0zMVQxMjowMTozMC44OTFaIn19
    ValidationError:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ValidationErrorItem'
      required:
        - errors
    MonitoringExecution:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: Unique execution identifier
          example: d6e3b214-30b1-4401-a1b8-a1bd3c6a84e4
        monitoring_id:
          type: string
          format: uuid
          description: Monitoring ID this run belongs to
          example: 8f1e8e3a-4f4f-4f4f-8f4f-4f4f4f4f4f4f
        website:
          type: string
          format: uri
          description: Website that was monitored
          example: https://example.com
        execution_time:
          type: string
          format: date-time
          description: When the run was executed (ISO 8601)
          example: '2026-05-21T12:34:56.000Z'
        external_id:
          type: string
          nullable: true
          description: External reference ID or null if not set
          example: ref-123
        alert_count:
          type: integer
          description: Number of alerts produced by this run (0 if none)
          example: 0
    ValidationErrorItem:
      type: object
      properties:
        path:
          type: array
          items:
            type: string
          description: JSON path to the field with the error
        message:
          type: string
          description: Error message
        code:
          type: string
          description: Error code indicating the type of error
      required:
        - path
        - message
        - code
  securitySchemes:
    xApiKey:
      type: apiKey
      name: X-API-KEY
      in: header

````