Skip to main content

Celonis Product Documentation

Connecting the audit log API to Celonis EMS

The Audit Logs page in Admin and Settings lets you look through the last 500 audit log entries in pages. If you want to do more in-depth analysis or investigation, you can use the Audit Log API to export the data from the Celonis EMS audit logs, and create an extractor to feed it back into Celonis EMS. This lets you create your own Views in the Studio to analyze the audit log data.

Follow these procedures to connect the Audit Log API and create an extractor.

Grant API permissions
  1. Go to Admin and Settings > Applications.

  2. Create a new application and save the application token


    Do not skip this step. You will need the application token later.

  3. Go to Admin and Settings > Permissions > Team Permissions

  4. Identify the new application name you created in the list under User/Group/Application.

  5. Check the checkbox for Use Audit Log API, Use Login History API, or both. Selecting the checkboxes gives the application permission to use the API.

  6. Done.

Test the API with Swagger
  1. Log in to your Team if you aren’t already.

  2. Go to the Swagger page by populating this URL with your team details:

    https://[Your Team]/swagger-ui/index.html?configUrl=/log/v3/api-docs/swagger-config

    Manually replace [Your Team] with the corresponding team + cluster

  3. Click the Authorise button in the swagger doc.

  4. In the value field type: AppKey. Copy the application token from earlier, ensuring a space between AppKey and Token.

  5. Close the UI dialogue

  6. Click the right-hand expand icon next to the Lock icon.

  7. Click Try it out

  8. Scroll down and click the long blue bar saying Execute.

  9. You will now see the response from the API, including the header that shows the AppKey Token and the URL. Both these will be used later.

  10. You now know the API is working ok.

Creating an EMS extractor (basic structure without pagination or headers)
  1. Navigate back to your EMS Team

  2. Go to Data Integration

  3. Create a new Data Pool and name it.

  4. Go to the Extractor Build

  5. Click build a new extractor.

  6. Name the extractor > Save and continue.

  7. Click edit on the API URL row.

  8. Add your team URL to the Default Value (Optional) field:

    https://[Your Team]

    This is the first part of the URL header in the swagger doc below ‘GET’

  9. Save > Save and continue.

  10. In Authentication, methods click the box for API Key Authorisation (make sure you also click just below the checkbox, so you see the UI on the right change)

  11. In the UI on the right, in the field for Api Key Header, enter: Authorization.

  12. Save and Continue

  13. On the define endpoints page, click Add new endpoint.

  14. Give the endpoint a name > Move to Configure Request

  15. In URL enter {Connection.API_URL}/[Enter what is shown in the swagger doc URL after] Eg:/log/api/external/audit? So the final text could read  {Connection.API_URL}/log/api/external/audit?Request parameters and Headers can be completed after as needed)

  16. Move to pagination and set “No Pagination” (Again, this field can be modified later as needed)

  17. Go to configure response.

  18. Click on Configure Response using the sample from your source system.

  19. Click create a data source.

  20. Name the data connection.

  21. In the API Key field, copy and paste the Authorization from the swagger doc (AppKey Token) or the token you saved and used earlier. Copy your application token from earlier, ensuring a space between AppKey and Token.

  22. Test the connection, and it should be successful.

  23. Click Save

  24. Click build response

  25. Ensure the expected tables are shown in the response

  26. Click Finish

Now create a data job as normal using the new extractor you just built. Once this is complete, create a new data model as normal using the data job you just built. Once the Connection > Data Job > Data Model is complete, you are ready to go to Studio and create a view using the data from the API.