API Audit Logs


What are API Audit Logs?

API audit logs contain a record of each external API call that Moveworks makes to your external systems. These logs provide information on each HTTP API call, including the endpoint, method, HTTP response code, and API request/response bodies.

API audit logs only capture the external system API calls for built-in skills. Please use the Agent Studio logs to track API calls made to external systems during Agent Studio plugin runs.

How does Moveworks call your external system?

Moveworks calls your external system through REST API calls and passes the relevant information in the API request body & headers. These API calls are embedded into the Moveworks AI assistant workflows. Moveworks picks up the configured connector for the relevant skills and then calls the external system endpoints.

When is an API audit log recorded?

Whenever Moveworks makes an API call, an API audit log is recorded. The SLA for these logs is near-instant, so as soon as a conversation is completed within the AI assistant and the execution is done, the API audit log is also captured for that conversation or for that instance of interaction.

Where are API audit logs located?

The API audit logs page can be found in Moveworks Setup at Moveworks Setup → Organizational Details → Audit → API logs.

Data capture and retention
  1. The data recorded in this tool is captured on an ongoing, forward-looking basis: once enabled, we will start capturing data for all subsequent API calls. Historical API call data is not backfilled.
  2. API logs within this view are retained and will be visible for one (1) week on a rolling basis. Logs older than 1 week will be removed.

What events are captured in API audit logs?

API audit logs capture external API calls made by Moveworks across eight major skills. Each skill contains sub-skills, which are recorded as plugins. For a full list of built-in plugins, please refer to this doc.

  1. Ticketing — filing, resolving, reopening, and commenting on tickets.
  2. Live Agent — connection requests and live agent session termination.
  3. Approvals — end-user updates to approval records.
  4. Group Operations — creating groups, adding members, and removing members.
  5. Account Operations — password updates and account unlocks.
  6. Software Operations — software provisioning attempts.
  7. System — internal Moveworks calls for purposes like connector validation. This is also the default fallback: if a plugin is not identified, System is populated in the plugin column.
  8. Enterprise Search & Forms — API calls are being routed to the ticket service for ticket-related information. Note that this will not include any ingestion logs; only ticketing-related use cases will be captured if any such calls are being made.

Each domain maps to a plugin, and each plugin logs the relevant GET, POST, or PUT calls that occur across its Moveworks workflows.

Ingestion API calls

Please note that this view does not capture the ingestion logs of any resources in Moveworks. API calls are only recorded for end-user-driven actions.

Captured API calls

A single user action may generate multiple log entries — this is expected. Moveworks skills can invoke the same API more than once depending on how a workflow is implemented, and the system automatically retries calls on intermittent failures. This tool surfaces these logs as-is, without any filtering or aggregation.

Authentication API calls

Please note that the API audit logs tool will not log any API calls related to authentication. We have taken this security stance since these logs may contain credentials or passwords that should not be exposed to admins.

Example usage of API audit logs

The primary purpose of API audit logs is to track whether API calls made by Moveworks to integrated systems are successful. If a failure occurs, administrators can use these logs to identify potential issues—such as incorrectly formatted request payloads—and determine the configuration changes required to resolve them.

The example below demonstrates how a user can track API calls made to an integrated ITSM platform when filing a ticket through the Moveworks AI Assistant.

[Image: chat conversation in which a ticket is filed through the Moveworks AI Assistant]

Scenario: Tracking Ticket Creation API Calls

In this example, we will look up the API audit logs corresponding to ticket creation, using the end user’s email and the plugin triggered during the chat conversation pictured above.

Navigate to the API Audit Logs page and search for the relevant logs using the following filters:

[Image: filters applied on the API Audit Logs page]

Key Note

The Trace ID filter does not pre-fetch values to choose from due to high data volume and near-instant refresh rates. To search for a specific Trace ID, copy and paste the ID directly into the filter search field.

Understanding the Logged API Calls

During the ticket creation workflow, Moveworks may trigger multiple API calls to the integrated system.

For example, Moveworks may internally call:

  • Get Ticket APIs
  • Post Ticket APIs

These calls help retrieve additional details after the ticket is created and allow Moveworks to internally process and store the ticket information in its ticket database.

Because of this workflow, you may see multiple API calls associated with a single request. These are expected as part of the built-in Moveworks plugin workflow.

In some cases, you may also notice intermittent failures for certain API calls. Moveworks may automatically retry these requests to successfully retrieve or process the required data.

Identifying the Ticket Creation API Call

To identify the API call responsible for creating the ticket, filter the logs using the HTTP response status code 201 (typical for successful resource creation).

After applying the 201 status code filter, you may see several related POST requests, such as:

  1. Create Ticket – Sends the ticket creation request to the service desk API.
  2. Add Comment – Adds a comment to the newly created ticket.
  3. Add Work Note – Adds an internal work note to the ticket.

If you click on the row of any of these API calls, you will be able to view the request payload that Moveworks sent to the integrated ITSM platform. This helps administrators validate the payload structure and debug issues related to ticket creation workflows (more information here).

Similarly, if a use case is failing within the AI Assistant, the API Audit Logs page can help identify:

  • Whether the API call failed
  • The specific error returned by the integrated system
  • Potential payload or configuration issues
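
The triage described in this section (several entries per user action, automatic retries, and more than one POST returning 201) can be expressed as a small script. This is an added example, not Moveworks code: it assumes the rows for a conversation have been transcribed into records, and the field names (trace_id, method, url, status), URLs and sample rows are constructed for illustration and are not the Moveworks log schema.

```python
from collections import defaultdict

# Constructed sample rows in chronological order. Field names and URLs are
# assumptions for this example, not the Moveworks log schema.
ROWS = [
    {"trace_id": "t-1", "method": "POST", "url": "https://itsm.example.com/api/tickets", "status": 503},
    {"trace_id": "t-1", "method": "POST", "url": "https://itsm.example.com/api/tickets", "status": 201},
    {"trace_id": "t-1", "method": "GET", "url": "https://itsm.example.com/api/tickets/42", "status": 200},
    {"trace_id": "t-1", "method": "POST", "url": "https://itsm.example.com/api/tickets/42/comments", "status": 201},
    {"trace_id": "t-2", "method": "POST", "url": "https://itsm.example.com/api/tickets", "status": 400},
    {"trace_id": "t-2", "method": "POST", "url": "https://itsm.example.com/api/tickets", "status": 400},
]


def is_success(status):
    return 200 <= status < 300


def triage(rows):
    """Group rows by trace ID and classify each distinct (method, url) call.

    created:   POST calls that returned 201 at least once
    recovered: calls with a failed attempt whose final attempt succeeded
    failed:    calls whose final attempt returned a non-2xx status
    """
    by_trace = defaultdict(lambda: defaultdict(list))
    for row in rows:
        by_trace[row["trace_id"]][(row["method"], row["url"])].append(row["status"])

    report = {}
    for trace_id, calls in by_trace.items():
        entry = {"created": [], "recovered": [], "failed": []}
        for (method, url), statuses in calls.items():
            if method == "POST" and 201 in statuses:
                entry["created"].append(url)
            if not is_success(statuses[-1]):
                # The last attempt still failed: retries did not help.
                entry["failed"].append((method, url, statuses[-1]))
            elif not all(is_success(s) for s in statuses):
                # An intermittent failure that a later retry resolved.
                entry["recovered"].append((method, url))
        report[trace_id] = entry
    return report


if __name__ == "__main__":
    for trace_id, entry in triage(ROWS).items():
        print(trace_id, entry)
```

A trace whose calls appear only under `recovered` needs no action, while an entry under `failed` with a 4xx status points at the request payload or connector configuration rather than an intermittent fault.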

Governance and Access Control for API Audit Logs

API audit logs include potentially sensitive data such as request and response bodies. To protect this information, access is governed through the PII Viewer role available in Moveworks Setup.

Access Levels

Full Access

Users with the following roles can view complete API audit log details, including unredacted request and response data:

  • Super Admin
  • Moveworks Setup Admin
  • Users assigned the PII Viewer role

These users can view:

  • API URLs
  • Request parameters
  • Request and response bodies

Restricted Access

Users without the PII Viewer permission can still access the API Audit Logs interface. However, sensitive information is redacted.

These users will not be able to view:

  • Request details
  • Query parameters
  • Request bodies
  • Other sensitive data included in API requests

This governance model ensures that sensitive information is only accessible to authorized users while still allowing others to monitor system activity.

How to provision the PII Viewer role

The PII role can only be provisioned by Super Admins. Within the Roles and Permissions app, Super Admins can assign the Moveworks Setup PII Role Viewer role to intended users.

Please reach out to your Super Admin if you require view access to un-redacted API Audit Logs.
