Overview
The Pipe Audit Logs export API is now available for all customers. IT teams can programmatically extract audit records from any pipe, covering both configuration changes and card activity, and feed that data directly into SIEMs, AI Agents, BI platforms, Data Lakes, or AI Agents. One more step toward centralized process governance.
For companies with regulatory requirements such as SOX and BACEN, the API also supports long-term retention by allowing customers to store logs in their own infrastructure.
What's new?
- Batch export endpoint per pipe: request file generation via API and receive a webhook notification when the file is ready for direct download from S3
- Available formats: JSONL and CSV
- Selection window: up to 30 days of data within a 180-day history (D-1)
- Authentication: via Pipe Admin or Service Accounts
- Usage limit: each user can make up to 6 requests per day per pipe
- Coverage: Pipe Configuration Changes and Card Activity
How does this help?
- Regulatory audits without manual exports: compliance teams can trigger extractions via API and store logs in their own infrastructure to meet long-term retention requirements under SOX, BACEN, and similar regulations. Full autonomy in report extraction, with no need to open support tickets with Pipefy
- Native integration with your security and data stack: logs are delivered in structured JSONL or CSV format, ready for ingestion into SIEMs, Data Lakes, BI platforms, or AI Agents
- Incident investigation with up to 180 days of history: IT teams access a complete record of configuration changes and card activity to trace the root cause of issues with precision
- Process governance at scale: companies with multiple pipes can centralize and analyze audit data across their entire operation in an automated way
Use cases
1. Regulatory compliance at a financial services company
A financial institution subject to BACEN requirements needs to retain audit logs for at least 12 months. A data engineer sets up the webhook and automates weekly exports via API, storing the JSONL files in an internal Data Lake. When an audit is initiated, logs are available locally with a complete trail of who changed what and when, with no support tickets and immediate report delivery for the requested period.
2. Incident investigation by an IT team
A Pipe Admin notices that cards in a critical HR process were moved between phases unexpectedly. The IT team uses the API to pull Card Activity logs from the past 60 days, filters by the incident window, and identifies the automation responsible for the incorrect movement. An investigation that would have taken hours through manual analysis is completed in minutes using the structured data.
3. Tracking unauthorized changes in pipe configurations
A critical SLA automation stops working. The problem started ~60 days ago, outside the 30-day window available through the interface export. Using the API, the IT team selects the exact window within the 180-day history, filters by the incident period, and identifies that the trigger rule was edited by a user whose admin permissions were granted without approval. The logs detail who changed what and when. Configuration restored and access revoked in minutes, with no support tickets.
4. Centralized governance across organizations with hundreds of pipes
With over 400 pipes, the IT team has no centralized visibility into which processes are active, which have been abandoned, and where risky changes occurred. Via API, Configuration Change and Card Activity logs are automatically exported to a Data Lake and visualized in BI. The governance team identifies inactive pipes, underperforming investments or regulatory risk, and monitors critical changes at scale, without pipe-by-pipe manual review.
5. Pipe adoption and behavior analysis in BI
An operations team wants to understand which pipes concentrate the most card activity and which phases accumulate the most time. Logs exported via API are ingested into a BI platform, enabling lead time analysis by phase, movement volume tracking, and usage pattern identification, without relying on native platform reports.
Most relevant for
- IT teams at companies with regulatory audit requirements
- Governance, security, and compliance teams at enterprise companies
- Data engineers and architects managing Data Lakes and SIEMs
- Pipe Admins overseeing critical business processes
Documentation
For the full step-by-step, check the Help Center article. API reference available at developers.pipefy.com.
