Enables tenants to securely retrieve their Audit Logs on demand through a simple, authenticated API call.
API Endpoint and Authentication
Your API endpoint varies based on where your Webex Connect account is hosted. Visit Know Your API Endpoint section to know more. The format of the endpoint is: https://wxconnectplatform.{YourRegion}.webexconnect.io/connectapi/v1/auditManager/audit-logs/export
You will have to use Cisco Webex Common Identity (CI) token (Refer to Webex Contact Center Authentication for token generation).
Introduction
The Webex Connect User Audit Logs API enables tenants to securely retrieve their Audit Logs on demand through a simple, authenticated API call. Designed to enhance operational flexibility and support compliance requirements, this API provides an alternative to Kafka-based log delivery, allowing users to access audit data whenever needed, without dependency on streaming infrastructure.
Prerequisites
This API supports Cisco Webex Common Identity (CI) authentication and requires creation of a Service App in Webex Developer Portal (https://developer.webex.com/). For Webex Connect tenants that do not have a Webex Org ID assigned yet, there is an additional pre-requisite step of getting it generated by logging a request with your account manager.
Retrieving Webex Connect Audit Logs via API
View Audit Logs specific to a tenant through an API call authenticated using Cisco Webex CI.
Request Body
{
"range": "1",
"from": "2026-02-22T00:00:00.000Z",
"to": "2026-02-26T23:59:59.000Z",
"offset": 0,
"max": 2000,
"eventCategories": "",
"actorIds": "",
"adminRoles": ""
}
Request Parameters
The following are the parameters of the request body:
| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| range | String/Num | yes | Time range (e.g., 6 represents the last 6 days and today). Range can be used in two ways - Numeric Value or Custom Range. Numeric Value: To select a predefined number of days. The value represents the number of days, starting from 0. 0 = Yesterday 1 = Today 6 = Last 6 days and today Custom Range: To select a specific date range. Use "range": "custom" and specify both 'from' Date and 'to' Date in ISO 8601 format. Note: If 'custom' is selected, both 'from' and 'to' dates are mandatory. |
| from | String | yes | Start timestamp for the Audit Logs fetch (ISO 8601 format). Example: "2018-01-01T13:12:11.789Z" |
| to | String | yes | End timestamp for the Audit Logs fetch (ISO 8601 format). Example: "2018-01-01T14:12:11.789Z" |
| offset | Integer | no | The starting record index for the retrieval range with default 0. |
| max | Integer | no | Limit the maximum number of records to be returned in the response. The maximum value is 10,000 and the default value is 2000. "Max": 100 |
| eventCategories | String | no | Comma-separated list of event categories to filter logs. Refer Event Categories for Audit Logs. |
| actorIds | String | no | Comma-separated list of user IDs to filter logs. |
| adminRoles | String | no | Comma-separated list of admin roles to filter logs. |
Sample Response Body
{
"code": "0",
"description": "success",
"transid": "acc1968c-a9c1-4769-8f60-79aff095a243",
"totalRecords": 1089,
"resultSize": 500,
"auditLogs": [
{
"actionText": "Garuda failed to update MobileWebTypeApp app",
"statusOfAction": "ERROR",
"eventCategory": "ERROR",
"adminRoles": [
"Owner"
],
"transid": "",
"created": "2026-02-23T11:12:40.653Z",
"groupId": "3",
"eventDescription": "updateMobileWebAppType",
"actorEmail": "[email protected]",
"serviceId": "0",
"actorIp": "151.186.177.21"
}
]
}
Response Parameters
The following are the parameters of the response body:
| Parameter | Type | Description |
|---|---|---|
code | String | Status code indicating the result of the API call (e.g., "0" for success). |
description | String | Text description of the result status (e.g., "success"). |
transid | String | Unique identifier of the transaction. |
totalRecords | Integer | The total number of records available in the data source. |
resultSize | Integer | The number of records returned in the current response. |
auditLogs | Array of Object | List of audit log entries related to actions performed. |
actionText | String | Description of the action performed (including outcome, e.g., "failed to update..."). |
statusOfAction | String | Status of the action (e.g., "ERROR", "SUCCESS"). |
eventCategory | String | Category of the event (e.g., "ERROR"). |
adminRoles | Array | List of admin roles associated with the action (e.g., ["Owner"]). |
transid (for Audit Logs) | String | Transaction ID for the specific audit log entry (may be empty if not applicable). |
created | String | Timestamp when the action was performed (ISO 8601 format). |
groupId | String | Identifier for the group associated with the action. |
eventDescription | String | Short description or name of the event (e.g., "updateMobileWebAppType"). |
actorEmail | String | Email address of the user who performed the action. |
serviceId | String | Identifier for the service involved in the action. |
actorIp | String | IP address of the user who performed the action. |
description | String | The description of the user action. |
HTTP Status Codes
| Scenario | HTTP Status Code | Description |
|---|---|---|
| Success | 200 OK | Request processed successfully. |
| Invalid Input | 400 Bad Request | Missing 'from', 'to', or malformed JSON. |
| Auth Failure | 401 Unauthorized | Invalid or missing ci-token / accesstoken. |
| Permission Denied | 403 Forbidden | Token is valid, but the API is restricted for this user/machine. |
| Server Error | 500 Internal Server Error | Database connection failure or unhandled exception. |