# Search Actions The Actions Search API lets you query historical client actions for the authenticated tenant within a bounded time window. Use it to build investigation tools, export historical decisions, or feed downstream fraud-review workflows. Each returned item shares the nested shape used by the [Recommendations API](/openapi/risk/recommendations.openapi/recommendations/getriskrecommendation) — the same `context`, `risk_signals`, `transaction_data` and `preview_rule` sub-objects — so an integration that already consumes recommendations can read historical actions without learning a second schema. **Recommended usage.** Always scope a query with a `start_time` and `end_time` that are as narrow as your use case allows; actions outside the window are excluded from the result, which keeps responses fast and pagination predictable. When iterating across multiple paged calls, fix `start_time` and `end_time` once at the start of the iteration and reuse the same values on every subsequent call. **Rate limit.** Requests are throttled per tenant at 20 per 60 seconds. Exceeding the limit returns `429 Too Many Requests`. ## Servers Sandbox environment ``` https://api.sbx.transmitsecurity.io/risk/v1 ``` Production environment (US) ``` https://api.transmitsecurity.io/risk/v1 ``` Production environment (EU) ``` https://api.eu.transmitsecurity.io/risk/v1 ``` Production environment (CA) ``` https://api.ca.transmitsecurity.io/risk/v1 ``` Production environment (AU) ``` https://api.au.transmitsecurity.io/risk/v1 ``` ## Security ### risk_access_token An access token generated by the [token endpoint](/openapi/token.openapi/other/getaccesstoken) Type: http Scheme: bearer Bearer Format: JWT ## Download OpenAPI description [Search Actions](https://developer.transmitsecurity.com/_bundle/openapi/risk/actions-search.openapi.yaml) ## Other ### Search actions - [GET /search/actions](https://developer.transmitsecurity.com/openapi/risk/actions-search.openapi/other/searchactions.md): Returns a paginated list of actions within the requested time window. The response is scoped to the tenant identified by the access token — there is no tenantId parameter on this endpoint, and cross-tenant reads are not possible.