Automation & Workflows
Build automation rules and visual workflows to streamline support operations.
⚠️ Preview — not yet in the public API
The endpoints on this page are part of the AurionAI helpdesk and are currently accessible only through an authenticated dashboard session. They are not yet exposed through public API keys — a request authenticated with
X-API-Keyreturns403. Public API-key access is planned. The reference below documents the intended contract.
Automation & Workflows
Aurion provides two levels of automation: Automation Rules for simple event-driven triggers, and Workflows for complex multi-step processes with branching logic, approvals, and integrations.
Automation Rules
Automation rules are simple if-then automations that fire on specific events.
List Rules
GET /api/v2/automation-rules returns a bare JSON array of rule objects — there is no
data/total/limit/offset envelope and the endpoint takes no pagination query params.
curl "https://apps.aurionai.net/api/v2/automation-rules" \
-H "X-API-Key: itsm_sk_live_xxxx"Response:
[
{
"id": "rule_abc123",
"name": "Auto-assign VPN tickets to Network team",
"description": null,
"enabled": true,
"execution_mode": "event",
"trigger_event": "ticket.created",
"time_condition": {},
"conditions": [
{"field": "category", "operator": "equals", "value": "Network"}
],
"actions": [
{"type": "assign_team", "team_id": "team_network"}
],
"priority_order": 1,
"stop_processing": false,
"execution_count": 42,
"last_fired_at": "2026-02-10T14:30:00Z",
"created_at": "2026-02-01T10:00:00Z",
"updated_at": "2026-02-01T10:00:00Z"
}
]Create Rule
POST /api/v2/automation-rules returns 201 Created with the created rule object (same
shape as the list items above). name is required (1–200 chars). execution_mode defaults to
"event" and must be one of event or time — any other value returns 422.
curl -X POST "https://apps.aurionai.net/api/v2/automation-rules" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"name": "Escalate urgent tickets",
"execution_mode": "event",
"trigger_event": "ticket.created",
"conditions": [
{"field": "priority", "operator": "equals", "value": "urgent"}
],
"actions": [
{"type": "assign_team", "team_id": "team_escalation"},
{"type": "send_notification", "template": "urgent_ticket"}
],
"enabled": true,
"priority_order": 1,
"stop_processing": false
}'For a time-based rule, set "execution_mode": "time" and supply time_condition (e.g.
{"older_than_minutes": 60, "status": ["open"]}) instead of trigger_event. You can update a
rule with PATCH /api/v2/automation-rules/{rule_id} (partial body) and fetch one with
GET /api/v2/automation-rules/{rule_id} (404 {"detail": "Automation rule not found"} if it
does not exist).
Delete Rule
curl -X DELETE "https://apps.aurionai.net/api/v2/automation-rules/rule_abc123" \
-H "X-API-Key: itsm_sk_live_xxxx"Returns 204 No Content on success (404 {"detail": "Automation rule not found"} if the rule
does not exist).
Execution Logs
View execution logs across all automation rules. This is a single global endpoint — there is
no per-rule logs route. It accepts only a limit query param (default 50, range 1–200)
and returns a bare JSON array.
curl "https://apps.aurionai.net/api/v2/automation-rules/logs?limit=50" \
-H "X-API-Key: itsm_sk_live_xxxx"Response:
[
{
"id": "log_abc123",
"rule_id": "rule_abc123",
"rule_name": "Auto-assign VPN tickets",
"event_type": "ticket.created",
"conversation_id": "conv_xyz",
"status": "success",
"actions_executed": 2,
"executed_at": "2026-02-10T14:30:00Z"
}
]Trigger Event
Programmatically fire an automation event to execute matching rules:
curl -X POST "https://apps.aurionai.net/api/v2/automation-rules/execute-event" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"event_type": "ticket.created",
"conversation_id": "conv_xyz",
"payload": {
"category": "Network",
"priority": "high"
}
}'Response: echoes the event and returns one entry per evaluated rule in executed. Each
entry reports whether the rule matched, whether its actions ran (success), the list of
per-action results (actions_executed), and any error_message.
{
"event_type": "ticket.created",
"conversation_id": "conv_xyz",
"executed": [
{
"rule_id": "rule_abc123",
"matched": true,
"success": true,
"actions_executed": [
{"type": "assign_team", "team_id": "team_network", "status": "ok"}
],
"error_message": null
}
]
}Workflows
Workflows are visual, multi-step automations with branching, approvals, and version control.
List Workflows
curl "https://apps.aurionai.net/api/v2/workflows?status=published" \
-H "X-API-Key: itsm_sk_live_xxxx"Create Workflow
POST /api/v2/workflows returns 201 Created. The canvas is supplied under the top-level
canvas_definition field (with nodes, edges, and viewport), and trigger metadata under
trigger_config. Optional: template_id to seed from a template.
curl -X POST "https://apps.aurionai.net/api/v2/workflows" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"name": "New Employee Onboarding",
"description": "Automated onboarding workflow for new hires",
"trigger_config": {"type": "event", "event_types": ["ticket.created"]},
"canvas_definition": {
"nodes": [
{"id": "start", "type": "trigger", "config": {"event": "ticket.created"}},
{"id": "check", "type": "condition", "config": {"field": "category", "equals": "Onboarding"}},
{"id": "create_accounts", "type": "action", "config": {"type": "create_ticket", "subject": "Create accounts for new hire"}},
{"id": "notify", "type": "action", "config": {"type": "send_notification"}}
],
"edges": [
{"from": "start", "to": "check"},
{"from": "check", "to": "create_accounts", "condition": "true"},
{"from": "create_accounts", "to": "notify"}
],
"viewport": {"x": 0, "y": 0, "zoom": 1}
}
}'Publish Workflow
Workflows must be published before they execute. Publishing creates a versioned snapshot:
curl -X POST "https://apps.aurionai.net/api/v2/workflows/wf_abc123/publish" \
-H "X-API-Key: itsm_sk_live_xxxx"Execute Workflow
Manually execute a published workflow against an existing conversation. The body requires a
single conversation_id field (a valid UUID). The endpoint creates a run and dispatches
execution asynchronously, so it returns 202 Accepted — it does not run synchronously and
takes no free-form input object.
curl -X POST "https://apps.aurionai.net/api/v2/workflows/wf_abc123/execute" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"conversation_id": "3f1c9a2e-7b40-4e8d-9a1f-2c6b5d8e0a11"
}'Dry Run
Test a workflow without executing side effects. The dry-run is workflow-scoped —
POST /api/v2/workflows/{workflow_id}/dry-run — and runs the workflow's current canvas. The
body is optional; pass trigger_event to supply sample input, otherwise the trigger node's
pinned test data is used.
curl -X POST "https://apps.aurionai.net/api/v2/workflows/wf_abc123/dry-run" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"trigger_event": {"category": "Onboarding", "priority": "high"}
}'Webhook Triggers
Workflows can be triggered by external webhooks. Each workflow has a unique webhook URL that
verifies an HMAC-SHA256 signature passed in the X-Workflow-Signature header. This is the one
endpoint here that is not dashboard/session gated — the HMAC signature is the credential,
so no API key or session is needed. It returns 202 Accepted immediately and executes
asynchronously.
curl -X POST "https://apps.aurionai.net/api/v2/workflows/webhook/wf_abc123" \
-H "X-Workflow-Signature: <hex-hmac-sha256-of-raw-body>" \
-H "Content-Type: application/json" \
-d '{"event": "deploy_completed", "version": "2.4.0"}'Workflow Approvals
Workflows can pause at approval steps and wait for human decision:
curl "https://apps.aurionai.net/api/v2/workflows/approvals/pending" \
-H "X-API-Key: itsm_sk_live_xxxx"curl -X POST "https://apps.aurionai.net/api/v2/workflows/approvals/req_123/decide" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{"decision": "approved", "comment": "Looks good, proceed."}'The decision field must be exactly approved or rejected; comment is optional (max 2000
chars).
Workflow Runs
Monitor workflow execution history. Runs are listed per workflow at
GET /api/v2/workflows/{workflow_id}/runs — there is no top-level /runs endpoint. Filter by
status and page with limit (default 50, range 1–200) and offset.
curl "https://apps.aurionai.net/api/v2/workflows/wf_abc123/runs?status=completed&limit=10" \
-H "X-API-Key: itsm_sk_live_xxxx"Drill into a single run and its steps with
GET /api/v2/workflows/{workflow_id}/runs/{run_id} and
GET /api/v2/workflows/{workflow_id}/runs/{run_id}/steps.
Version History
Workflows support version control and rollback:
curl "https://apps.aurionai.net/api/v2/workflows/wf_abc123/versions" \
-H "X-API-Key: itsm_sk_live_xxxx"curl -X POST "https://apps.aurionai.net/api/v2/workflows/wf_abc123/versions/3/restore" \
-H "X-API-Key: itsm_sk_live_xxxx"Workflow Templates
Get started quickly with pre-built templates:
curl "https://apps.aurionai.net/api/v2/workflows/templates?category=onboarding" \
-H "X-API-Key: itsm_sk_live_xxxx"curl -X POST "https://apps.aurionai.net/api/v2/workflows/templates/tpl_abc/install" \
-H "X-API-Key: itsm_sk_live_xxxx"Installing a template returns 201 Created.
Migrate from Automation Rules
Migrate a simple automation rule to the workflow engine. Returns 201 Created with the new workflow:
curl -X POST "https://apps.aurionai.net/api/v2/workflows/migrate-from-rule/rule_abc123" \
-H "X-API-Key: itsm_sk_live_xxxx"Canvas Size Limit
The canvas_definition JSON is limited to 5 MB per workflow. A create or update that exceeds
this returns 413 Content Too Large with
{"detail": "canvas_definition exceeds 5MB payload limit"}.
AI Automation
AI-powered classification, routing, and resolution that works alongside automation rules and workflows. Configure thresholds and behavior, manage routing rules, and monitor performance.
AI Automation endpoints are mounted under
/api/ai-automation— not/api/v2/ai-automation. The settings, metrics, resolution-audit, and routing-simulate endpoints are additionally rate-limited to 30 requests/minute.
Get AI Automation Settings
curl "https://apps.aurionai.net/api/ai-automation/settings" \
-H "X-API-Key: itsm_sk_live_xxxx"Response:
{
"classification": {
"enabled": true,
"auto_apply_threshold": 0.85,
"suggest_threshold": 0.5,
"auto_apply_fields": ["category", "priority", "conversation_type"],
"classify_on": ["conversation.created", "conversation.customer_replied"],
"reclassify_on_reply": true,
"exclude_channels": []
},
"routing": {
"enabled": true,
"route_on_first_classification_only": true,
"skills_timeout_seconds": 300,
"fallback_to_team_pool": true,
"ai_skill_matching_enabled": false
},
"resolution": {
"enabled": false,
"mode": "suggest",
"auto_resolve_threshold": 0.92,
"kb_match_threshold": 0.9,
"max_auto_resolve_attempts": 2,
"exclude_high_priority": true
},
"version": 3,
"updated_at": "2026-02-10T14:00:00Z"
}Update AI Automation Settings
Partial update -- only include the sections you want to change:
curl -X PUT "https://apps.aurionai.net/api/ai-automation/settings" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"classification": {
"enabled": true,
"auto_apply_threshold": 0.9
},
"resolution": {
"enabled": true,
"mode": "suggest"
}
}'Returns the full updated settings object (same shape as GET).
AI Automation Metrics
Aggregated metrics for classification, routing, and resolution over a time period:
curl "https://apps.aurionai.net/api/ai-automation/metrics?days=30" \
-H "X-API-Key: itsm_sk_live_xxxx"Response: rate fields (auto_apply_rate, override_rate, first_assignment_accuracy,
resolution_rate, suggestion_acceptance_rate, avg_combined_confidence,
avg_time_to_route_ms) are null when their denominator is zero.
{
"period_days": 30,
"classification": {
"total_classified": 482,
"auto_applied": 410,
"suggested": 45,
"silent": 15,
"agent_overridden": 12,
"auto_apply_rate": 0.8506,
"override_rate": 0.0293
},
"routing": {
"total_routed": 398,
"overflow_used": 15,
"routing_failed": 3,
"subsequently_reassigned": 7,
"first_assignment_accuracy": 0.9246,
"avg_time_to_route_ms": 120
},
"resolution": {
"total_attempted": 200,
"auto_resolved": 85,
"suggested": 90,
"skipped": 25,
"sent_by_agent": 70,
"dismissed_by_agent": 20,
"resolution_rate": 0.425,
"suggestion_acceptance_rate": 0.7778,
"avg_combined_confidence": 0.91
},
"funnel": {
"classified": 482,
"routed": 398,
"resolved": 85
}
}Resolution Audit Log
View recent AI resolution decisions with confidence scores:
curl "https://apps.aurionai.net/api/ai-automation/resolution/audit?limit=20" \
-H "X-API-Key: itsm_sk_live_xxxx"Response:
[
{
"id": "aud_abc123",
"conversation_id": "conv_xyz",
"action": "auto_resolved",
"mode": "auto",
"classification_confidence": 0.95,
"kb_match_score": 0.93,
"reply_coherence_score": 0.88,
"combined_confidence": 0.94,
"skip_reason": null,
"model_used": "claude-sonnet-4-20250514",
"created_at": "2026-02-10T14:30:00Z"
}
]Simulate Routing
Test how a conversation would be routed without actually routing it:
curl -X POST "https://apps.aurionai.net/api/ai-automation/routing/simulate" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"category": "Network",
"priority": "high",
"conversation_type": "incident",
"sentiment": "negative"
}'Response:
{
"matched_rule": {
"id": "rr_abc123",
"sort_order": 2,
"category": "Network",
"priority": "high"
},
"matched_team_id": "team_network",
"overflow_team_id": "team_general",
"required_skills": ["networking"],
"routing_method": "balanced",
"message": "Rule matched."
}List Routing Rules
curl "https://apps.aurionai.net/api/ai-automation/routing/rules" \
-H "X-API-Key: itsm_sk_live_xxxx"Response:
[
{
"id": "rr_abc123",
"tenant_id": "t_xyz",
"category": "Network",
"priority": "high",
"conversation_type": null,
"sentiment": null,
"target_team_id": "team_network",
"overflow_team_id": "team_general",
"required_skills": ["networking"],
"routing_method": "balanced",
"priority_boost": 1,
"sort_order": 0,
"is_active": true,
"created_at": "2026-02-01T10:00:00Z",
"updated_at": "2026-02-01T10:00:00Z"
}
]Create Routing Rule
curl -X POST "https://apps.aurionai.net/api/ai-automation/routing/rules" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"category": "Security",
"priority": "urgent",
"target_team_id": "team_security",
"required_skills": ["security", "incident_response"],
"routing_method": "round_robin",
"priority_boost": 2,
"sort_order": 0,
"is_active": true
}'Returns 201 Created with the new RoutingRuleResponse. routing_method must be one of
balanced, round_robin, or manual; priority_boost is bounded to −2..2 and sort_order
must be ≥ 0.
Update Routing Rule
curl -X PUT "https://apps.aurionai.net/api/ai-automation/routing/rules/rr_abc123" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"priority_boost": 0,
"is_active": false
}'Delete Routing Rule
curl -X DELETE "https://apps.aurionai.net/api/ai-automation/routing/rules/rr_abc123" \
-H "X-API-Key: itsm_sk_live_xxxx"Returns 204 No Content on success.
Reorder Routing Rules
Update the evaluation order of routing rules. Rules are evaluated top-to-bottom (lowest sort_order first):
curl -X POST "https://apps.aurionai.net/api/ai-automation/routing/rules/reorder" \
-H "X-API-Key: itsm_sk_live_xxxx" \
-H "Content-Type: application/json" \
-d '{
"ordered_ids": ["rr_security", "rr_network", "rr_general"]
}'Returns 204 No Content on success. The position in the ordered_ids array becomes the new sort_order.
Related Guides
- SLA Management — SLA policies and escalation rules
- Webhooks — Subscribe to
workflow.*events - Teams & Routing — Team assignment in automation actions
Authorization
These endpoints are not on the API-key surface — there is no automation API-key scope, so
an X-API-Key request is denied (403 {"detail": "API keys are not permitted for this endpoint"})
before any scope check runs. Within an authenticated dashboard session they are gated by the
caller's role and tenant permissions:
| Endpoint group | Required authorization |
|---|---|
Read automation rules / logs (GET /api/v2/automation-rules, .../{id}, .../logs) | Role super_admin, tenant_owner, tenant_admin, agent, supervisor, tenant_user, or tenant_readonly |
Create / update / delete a rule, run time rules (POST/PATCH/DELETE /api/v2/automation-rules, .../run-time) | Role super_admin, tenant_owner, or tenant_admin |
Execute an event (POST /api/v2/automation-rules/execute-event) | Role super_admin, tenant_owner, tenant_admin, agent, supervisor, or tenant_user |
| Read workflows, runs, quota, templates | Tenant permission workflow:read |
| Create / update a workflow, install / save a template | Tenant permission workflow:create |
| Delete a workflow or template | Tenant permission workflow:delete |
| Publish, execute, restore, approve, decide | Tenant permission workflow:publish |
| AI Automation settings, metrics, routing rules | Role-gated within the dashboard session (and rate-limited to 30/minute on the settings/metrics/audit/simulate endpoints) |
The POST /api/v2/workflows/webhook/{workflow_id} trigger is the lone exception — it is
authenticated by its HMAC-SHA256 X-Workflow-Signature rather than a session or API key.