diff --git a/server/api/events.js b/server/api/events.js
index b007c74c..3900f795 100644
--- a/server/api/events.js
+++ b/server/api/events.js
@@ -16,6 +16,7 @@ router.post("events.list", auth(), pagination(), async (ctx) => {
   let {
     sort = "createdAt",
     actorId,
+    documentId,
     collectionId,
     direction,
     name,
@@ -31,10 +32,12 @@ router.post("events.list", auth(), pagination(), async (ctx) => {
 
   if (actorId) {
     ctx.assertUuid(actorId, "actorId must be a UUID");
-    where = {
-      ...where,
-      actorId,
-    };
+    where = { ...where, actorId };
+  }
+
+  if (documentId) {
+    ctx.assertUuid(documentId, "documentId must be a UUID");
+    where = { ...where, documentId };
   }
 
   if (collectionId) {
diff --git a/server/api/events.test.js b/server/api/events.test.js
index be915655..b85bc5bc 100644
--- a/server/api/events.test.js
+++ b/server/api/events.test.js
@@ -1,7 +1,7 @@
 /* eslint-disable flowtype/require-valid-file-annotation */
 import TestServer from "fetch-test-server";
 import app from "../app";
-import { buildEvent } from "../test/factories";
+import { buildEvent, buildUser } from "../test/factories";
 import { flushdb, seed } from "../test/support";
 
 const server = new TestServer(app.callback());
@@ -101,6 +101,54 @@ describe("#events.list", () => {
     expect(body.data[0].id).toEqual(auditEvent.id);
   });
 
+  it("should allow filtering by documentId", async () => {
+    const { user, admin, document, collection } = await seed();
+
+    const event = await buildEvent({
+      name: "documents.publish",
+      collectionId: collection.id,
+      documentId: document.id,
+      teamId: user.teamId,
+      actorId: user.id,
+    });
+
+    const res = await server.post("/api/events.list", {
+      body: {
+        token: admin.getJwtToken(),
+        documentId: document.id,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(1);
+    expect(body.data[0].id).toEqual(event.id);
+  });
+
+  it("should not return events for documentId without authorization", async () => {
+    const { user, document, collection } = await seed();
+    const actor = await buildUser();
+
+    await buildEvent({
+      name: "documents.publish",
+      collectionId: collection.id,
+      documentId: document.id,
+      teamId: user.teamId,
+      actorId: user.id,
+    });
+
+    const res = await server.post("/api/events.list", {
+      body: {
+        token: actor.getJwtToken(),
+        documentId: document.id,
+      },
+    });
+    const body = await res.json();
+
+    expect(res.status).toEqual(200);
+    expect(body.data.length).toEqual(0);
+  });
+
   it("should allow filtering by event name", async () => {
     const { user, admin, document, collection } = await seed();