CafeX Audit Events API

Introduction

The CafeX Audit Events API allows the retrieval of audit event data for CafeX tenants. Data can be filtered by time and other event properties. Data access is secured using an authorization token which can be generated by CafeX tenants.

Endpoint

The API can be accessed on

https://app.cafex.com/audit-search-rest/search

Authentication

Access to the API is authenticated by including an authorization token in the header of the request.

To generate this token a Client application must be created inside CafeX.

To do this log in to CafeX as a tenant administrator:

• Click on the three dot header menu and select “Tenant settings”

• Under “Management” click on “Client applications”

• Click on “Add” and give the client application a name (such as “Audit Events API client application”

• A client application will be created with a Client ID and a Client secret.

Once a Client ID and Client secret exists a HTTP request needs to be made to generate an authorization token.

POST https://auth.cafex.com/authserver/token

Include a x-www-form-urlencoded request body that contains the following parameters: (replace the client_id and client_secret with the ones previously generated)

grant_type : client_credentials

client_id: {CLIENT ID HERE}

client_secret: {CLIENT SECRET HERE}

This should contain a response with an access_token field.

Take this access_token part and include it in an “Authorization” header on the search HTTP request in the format:

Bearer {ACCESS TOKEN HERE}

This token lasts eight hours from generation before a new one needs to be generated (the same Client ID and Client secret can be used).

Date/time format

Date and time are accepted in the ISO 8601 UTC format. e.g.

2023-01-30T12:00:00.000

2023-01-30T12:00:00

2023-01-30T12:00

2023-01-30

If no offset is provided then UTC is used. A timezone offset can be provided e.g.

2023-01-30T12:00:00-05:00

All dates/times returned are in the full format as UTC (no offset). e.g.

2023-01-30T12:00:00.000+00:00

Search

Searching can be performed by sending a HTTP request to:

POST https://app.cafex.com/audit-search-rest/search

Your request requires an Authorization header (see: Authentication).

Your request requires a JSON encoded body to be present which contains some required and optional attributes.

For best performance, queries should be as specific as possible. (small date ranges and specifying event types and services, for example).

Important: Events are stored for a maximum of one year, so any events which happened more than a year ago will not be available.

Request Body

Example Request Body

{

   "page": {

       "pageSize": 100,

       "continuationToken": “abcdefghijklmnopqrstuvwxyz…”

   },

   "timestampFrom": "2023-01-01T09:00.00",

   "timestampTo": "2023-01-07T17:00.00",

   "service": ["TRACK", "ENTRY"],

   "secondaryAttributes": {

      "objectId": "23804d37-d753-4dad-84bb-8f691a50aa12"

   },

   "changes": {

      "status": "ACTIVE",

      "type": "STANDARD"

   },

   "sortDirection": "ASC"

}

Response Body

Response Body event object

Example Response Body

{

    "page": {

        "pageSize": 100,

        "continuationToken": “abcdefghijklmnopqrstuvwxyz…”,

    },

    "events": [

        {

            "id": "61580af7-6def-4743-877f-3724fc83fc31",

            "service": "ENTRY",

            "type": "ENTRY_ACCESS",

            "action": "SUCCESS",

            "timestamp": "2022-01-01T09:00:00.123+00:00",

            "message": "Entry accessed: example.jpeg, filename type: jpeg",

            "trackId": "849c1214-fa97-4639-ade0-2219d3627823",

            "secondaryAttributes": {

                "objectId": "6e94b5a5-6753-4e4a-b57f-4ce220068a73",

            },

            "userEmail": "someone@somewhere.com",

            "userId": "910522e7-7664-4a81-98ca-16c1b725e14e",

            "userAccountId": "a6cc2b41-e251-44ce-9efa-a46d41dbe0cd",

            "ipAddress": "123.456.78.901"

        },

        ...

    ]

}

Finding userId for searching

In the search request a userId value can be passed to filter by the user who carried out the action. In order to find a userId you can do the following:

• Log in to CafeX as a tenant administrator and click on the three dot header menu and select “Tenant settings”

• Under “Management” click on “Users”

• Find the user you would like to filter on and copy their ID from the correct row. You can use this as the userId value in a search request.

Reference

Service values

ACTION

API

ARTICLE

AUTH

CUSTOM_VIEW

DASHBOARD

ENTRY

PARTNER

RULES_ENGINE

SYSTEM

TENANT

TRACK

USER

USER_GROUP

Type values

API_KEY_CREATED

API_KEY_DELETED

AUDIT_QUERY

AUTH_LOGIN

AUTH_LOGOUT

CUSTOM_VIEW_EXIT_VIEW

CUSTOM_VIEW_INVOKE_ACTION

CUSTOM_VIEW_LOADED

CUSTOM_VIEW_LOGOUT

CUSTOM_VIEW_UI_ACTION

CUSTOM_VIEW_UI_CONTEXT_SWITCH

CUSTOM_VIEW_UI_INFO

DASHBOARD_ADD

DASHBOARD_DELETE

DASHBOARD_UPDATE

DATA_SOURCE_CREATED

DATA_SOURCE_DELETED

DATA_SOURCE_RECORDS_CREATE

DATA_SOURCE_RECORDS_DELETE

DATA_SOURCE_RECORDS_RETRIEVE

DATA_SOURCE_RECORDS_UPDATE

DATA_SOURCE_UPDATED

EMAIL_RULE_CHANGED

EMAIL_RULE_CREATED

EMAIL_RULE_DELETED

ENTRY_ACCESS

ENTRY_ACTION_ADD

ENTRY_ACTION_DELETE

ENTRY_ACTION_UPDATE

ENTRY_APPROVAL_REQUEST_ADD

ENTRY_APPROVAL_REQUEST_APPROVE

ENTRY_APPROVAL_REQUEST_DELETE

ENTRY_APPROVAL_REQUEST_UPDATE

ENTRY_CREATE

ENTRY_DELETE

ENTRY_FILE_DELETE

ENTRY_FILE_DOWNLOAD

ENTRY_FILE_SCAN

ENTRY_FILE_UPDATE

ENTRY_TEXT_FILE_DELETE

ENTRY_TEXT_FILE_UPDATE

ENTRY_TRANSCRIPTION_REQUEST

ENTRY_UPDATE

ENTRY_VIEW

GOOGLE_FILE_DOWNLOAD

GOOGLE_FILE_UPLOAD

GOOGLE_FILE_VIEW

KB_WIKI_CREATION

MINI_APP_ADDED

MINI_APP_DELETED

MINI_APP_UPDATED

MINI_APP_VIEW_ADDED

MINI_APP_VIEW_DELETED

MINI_APP_VIEW_UPDATED

ONEDRIVE_FILE_UPLOAD

ONEDRIVE_FILE_VIEW

PARTNERSHIP_CHANGED

PARTNERSHIP_CREATED

PARTNERSHIP_DELETED

RULESET_CREATED

RULESET_DELETED

RULESET_EXECUTED

RULESET_EXPORTED

RULESET_IMPORTED

RULESET_UPDATED

SYSTEM_SETTING_ACCESS

SYSTEM_SETTINGS_CHANGED

TASK_ADDED

TASK_DELETED

TASK_TABLE_ADDED

TASK_TABLE_DELETED

TASK_TABLE_UPDATED

TASK_UPDATED

TENANT_ACCESS

TENANT_CREATED

TENANT_SETTINGS_CHANGED

TRACK_ACCESS

TRACK_AUTO_ARCHIVE

TRACK_CHANGED

TRACK_COPY

TRACK_CREATED

TRACK_CREATION_SERVICE

TRACK_DELETED

TRACK_JOIN

TRACK_MEMBER_ADD

TRACK_MEMBER_ADD_PENDING

TRACK_MEMBER_ADD_REJECTED

TRACK_MEMBER_DELETE

TRACK_MEMBER_PENDING_ACCEPT

TRACK_MEMBER_PENDING_REJECT

TRACK_MEMBER_UPDATE

TRACK_RESTORE

TRACK_TRANSFER

UI_FLOW_ADDED

UI_FLOW_DELETED

UI_FLOW_UPDATED

USER_ANNOUNCEMENT_CHANGED

USER_ANNOUNCEMENT_CREATED

USER_ANNOUNCEMENT_DELETED

USER_CREATED

USER_GROUP_CREATED

USER_GROUP_DELETED

USER_GROUP_UPDATED

USER_SETTINGS_CHANGED

USER_UPDATED

WEBHOOK_NOTIFICATION_SENT

Action values

FAIL

START

SUCCESS