Introduction

Getting started

Walkthrough Guides

CafeX Apps

Workflows

Using CafeX Collaborate App

Reporting

Managing CafeX

Integrating CafeX

Security

CafeX security datasheet

App Studio

App Studio Components

Reporting

Accessing Audit Information Programmatically

Modified on Thu, 12 Dec at 7:08 AM

TABLE OF CONTENTS

Introduction
Endpoint
Authentication
Date and Time format
Search
Request Body
- Example Request Body
Response Body
- Response Body event object
- Example Response Body
Finding userId for searching
Reference

Introduction

The CafeX Audit Events API allows the retrieval of audit event data for CafeX tenants. Data can be filtered by time and other event properties. Data access is secured using an authorization token which can be generated by CafeX tenants.

Endpoint

The API is available at:

https://app.cafex.com/audit-search-rest/search

Authentication

Access to the API is authenticated by including an authorization token in the request header. Below is the process for generating and using the token.

Step 1: Create a Client Application in CafeX

1. Click on the three dot header menu and select Tenant settings.

A screenshot of a computer

Description automatically generated

2. Under Management, click Client applications.

A screenshot of a computer

Description automatically generated

3. Click Add and provide the client application with a name, such as Audit Events API client application.

A white rectangular object with black lines

Description automatically generated

A client application will be created with a Client ID and a Client secret. Keep these credentials secure.
A screenshot of a computer

Description automatically generated

Step 2: Generate an Authorization Token.

To generate a token, make an HTTP POST request to:

Endpoint:
POST https://auth.cafex.com/authserver/token

Request Body: (use x-www-form-urlencoded format)

Key	Value
grant_type	client_credentials
client_id	{CLIENT ID HERE}
client_secret	{CLIENT SECRET HERE}

Replace {CLIENT ID HERE} and {CLIENT SECRET HERE} with your generated credentials.

Response:

The response will contain an access_token field.

Step 3: Use the Authorization Token

Include the token in the Authorization header for your API requests in the following format: Bearer {ACCESS TOKEN HERE}.

The token remains valid for 8 hours. After expiration, you can use the same Client ID and Client Secret to generate a new token.

Date and Time format

The API accepts date and time in the ISO 8601 format. Below are examples of valid formats:

2023-01-30T12:00:00.000
2023-01-30T12:00:00
2023-01-30T12:00
2023-01-30

If no offset is provided, the default is UTC. Time zone offsets can also be included, for example:

2023-01-30T12:00:00-05:00

All dates and times returned by the API use the full ISO 8601 format and are in UTC (no offset), for example:

2023-01-30T12:00:00.000+00:00

Search

You can perform searches by sending a POST request to:

Endpoint:
POST https://app.cafex.com/audit-search-rest/search

Request Requirements

Authorization Header:
Make sure your request includes the necessary authorization token. For details, see Authentication.
JSON-Encoded Body:
Include a JSON body with the required and optional attributes.

For best performance, make your queries as specific as possible (for example, use narrow date ranges and specify specify event types and services).

Important: Events are stored for a maximum of one year. Events older than this period will no longer be available for search.

Request Body

Attribute name	Type	Required	Description
page	object	true	An object containing a pageSize integer value and an optional continuationToken string value. pageSize specifies the maximum number of results per page. It must not exceed 100. continuationToken is passed back in responses where more results are available. This can be used here to retrieve the next set of results.
timestampFrom	string	true	The start date and time for the search range. For details, see Date and Time format.
timestampTo	string	true	The end date and time for the search range. For details, see Date and Time format.
service	string array	false	An array of service names to filter the results by. For a list of accepted values, see Reference > Service values.
type	string array	false	An array of event type names to filter results by. For a list of accepted values, see Reference > Type values.
action	string array	false	An array of action names to filter the results by. For a list of accepted values, see Reference > Action values.
message	string	false	A partial or complete message string to match.
miniAppId	string	false	The ID of an app to match.
trackId	string	false	The ID of a workspace to match.
conferenceSessionId	string	false	The ID of a conference session to match.
userId	string	false	The ID of a user to match. See Finding userId for searching for details on how to find a user’s userId value.
changes	object	false	An object containing an attribute name and value which will match events that log changes. Example in Example Request Body below.
secondaryAttributes	object	false	An object containing a secondary attribute name and value to filter results. Example in Example Request Body below.
sortDirection	string	false	A string specifying the sort order for results by timestamp: ascending (ASC) or descending (DESC). If not specified, a default of descending is used.

Example Request Body

{
   "page": {
       "pageSize": 100,
       "continuationToken": "abcdefghijklmnopqrstuvwxyz…"
   },
   "timestampFrom": "2023-01-01T09:00.00",
   "timestampTo": "2023-01-07T17:00.00",
   "service": ["TRACK", "ENTRY"],
   "secondaryAttributes": {
      "objectId": "23804d37-d753-4dad-84bb-8f691a50aa12"
   },
   "changes": {
      "status": "ACTIVE",
      "type": "STANDARD"
   },
   "sortDirection": "ASC"
}

Response Body

Attribute name

Type

Always present

Description

page

object

true

An object containing a pageSize integer value and an optional continuationToken, string value.

pageSize specifies the maximum number of results per page. It must not exceed 100.

continuationToken can be used in a subsequent request to get the next set of results for the query (see the Search section).

If no continuationToken is present, it means that no more results exist after the current set of results.

events

array

true

An array of event objects (see below).

Response Body event object

Attribute name	Type	Always present	Description
id	string	true	An ID for the event.
service	string	true	The service that recorded the event, e.g., CUSTOM_VIEW.
type	string	true	The type of event, e.g., ENTRY_CREATE.
action	string	true	The action associated with the event, e.g., SUCCESS.
timestamp	string	true	The timestamp when the event occurred. For details, see Date and Time format.
message	string	false	A detailed message providing the description for the event.
trackId	string	false	The ID of the track which the event happened on.
userEmail	string	false	The email address of the user associated with the event.
userId	string	false	The ID of the user associated with the event.
userAccountId	string	false	The ID of the account which the user belongs to.
ipAddress	string	false	The IP address that the event happened against.
secondaryAttributes	object	false	An object containing string key-value pairs of extra attributes which relate to the event.
changes	object	false	An object containing key-value pairs of attributes describing changes caused by the event. The object which relates to the attribute name contains an optional before and after value which contains the attribute value before anafter the change.

Example Response Body


{
    "page": {
        "pageSize": 100,
        "continuationToken": "abcdefghijklmnopqrstuvwxyz…"
    },
    "events": [
        {
            "id": "61580af7-6def-4743-877f-3724fc83fc31",
            "service": "ENTRY",
            "type": "ENTRY_ACCESS",
            "action": "SUCCESS",
            "timestamp": "2022-01-01T09:00:00.123+00:00",
            "message": "Entry accessed: example.jpeg, filename type: jpeg",
            "trackId": "849c1214-fa97-4639-ade0-2219d3627823",
            "secondaryAttributes": {
                "objectId": "6e94b5a5-6753-4e4a-b57f-4ce220068a73"
            },
            "userEmail": "[email protected]",
            "userId": "910522e7-7664-4a81-98ca-16c1b725e14e",
            "userAccountId": "a6cc2b41-e251-44ce-9efa-a46d41dbe0cd",
            "ipAddress": "123.456.78.901"
        },
        ...
    ]
}

Finding userId for searching

To filter audit events by a specific user who carried out an action, include the userId in your search request. Follow these steps to locate the userId:

Log in to CafeX as a tenant administrator and click on the three dot header menu and select Tenant settings.
Under Management, click Users.
Find the user you would like to filter on and copy their ID from the correct row. You can use this as the userId value in a search request.

Reference

Service values

ACTION

API

ARTICLE

AUTH

CUSTOM_VIEW

DASHBOARD

ENTRY

PARTNER

RULES_ENGINE

SYSTEM

TENANT

TRACK

USER

USER_GROUP

Type values

API_KEY_CREATED

API_KEY_DELETED

AUDIT_QUERY

AUTH_LOGIN

AUTH_LOGOUT

CUSTOM_VIEW_EXIT_VIEW

CUSTOM_VIEW_INVOKE_ACTION

CUSTOM_VIEW_LOADED

CUSTOM_VIEW_LOGOUT

CUSTOM_VIEW_UI_ACTION

CUSTOM_VIEW_UI_CONTEXT_SWITCH

CUSTOM_VIEW_UI_INFO

DASHBOARD_ADD

DASHBOARD_DELETE

DASHBOARD_UPDATE

DATA_SOURCE_CREATED

DATA_SOURCE_DELETED

DATA_SOURCE_RECORDS_CREATE

DATA_SOURCE_RECORDS_DELETE

DATA_SOURCE_RECORDS_RETRIEVE

DATA_SOURCE_RECORDS_UPDATE

DATA_SOURCE_UPDATED

EMAIL_RULE_CHANGED

EMAIL_RULE_CREATED

EMAIL_RULE_DELETED

ENTRY_ACCESS

ENTRY_ACTION_ADD

ENTRY_ACTION_DELETE

ENTRY_ACTION_UPDATE

ENTRY_APPROVAL_REQUEST_ADD

ENTRY_APPROVAL_REQUEST_APPROVE

ENTRY_APPROVAL_REQUEST_DELETE

ENTRY_APPROVAL_REQUEST_UPDATE

ENTRY_CREATE

ENTRY_DELETE

ENTRY_FILE_DELETE

ENTRY_FILE_DOWNLOAD

ENTRY_FILE_SCAN

ENTRY_FILE_UPDATE

ENTRY_TEXT_FILE_DELETE

ENTRY_TEXT_FILE_UPDATE

ENTRY_TRANSCRIPTION_REQUEST

ENTRY_UPDATE

ENTRY_VIEW

GOOGLE_FILE_DOWNLOAD

GOOGLE_FILE_UPLOAD

GOOGLE_FILE_VIEW

KB_WIKI_CREATION

MINI_APP_ADDED

MINI_APP_DELETED

MINI_APP_UPDATED

MINI_APP_VIEW_ADDED

MINI_APP_VIEW_DELETED

MINI_APP_VIEW_UPDATED

ONEDRIVE_FILE_UPLOAD

ONEDRIVE_FILE_VIEW

PARTNERSHIP_CHANGED

PARTNERSHIP_CREATED

PARTNERSHIP_DELETED

RULESET_CREATED

RULESET_DELETED

RULESET_EXECUTED

RULESET_EXPORTED

RULESET_IMPORTED

RULESET_UPDATED

SYSTEM_SETTING_ACCESS

SYSTEM_SETTINGS_CHANGED

TASK_ADDED

TASK_DELETED

TASK_TABLE_ADDED

TASK_TABLE_DELETED

TASK_TABLE_UPDATED

TASK_UPDATED

TENANT_ACCESS

TENANT_CREATED

TENANT_SETTINGS_CHANGED

TRACK_ACCESS

TRACK_AUTO_ARCHIVE

TRACK_CHANGED

TRACK_COPY

TRACK_CREATED

TRACK_CREATION_SERVICE

TRACK_DELETED

TRACK_JOIN

TRACK_MEMBER_ADD

TRACK_MEMBER_ADD_PENDING

TRACK_MEMBER_ADD_REJECTED

TRACK_MEMBER_DELETE

TRACK_MEMBER_PENDING_ACCEPT

TRACK_MEMBER_PENDING_REJECT

TRACK_MEMBER_UPDATE

TRACK_RESTORE

TRACK_TRANSFER

UI_FLOW_ADDED

UI_FLOW_DELETED

UI_FLOW_UPDATED

USER_ANNOUNCEMENT_CHANGED

USER_ANNOUNCEMENT_CREATED

USER_ANNOUNCEMENT_DELETED

USER_CREATED

USER_GROUP_CREATED

USER_GROUP_DELETED

USER_GROUP_UPDATED

USER_SETTINGS_CHANGED

USER_UPDATED

WEBHOOK_NOTIFICATION_SENT

Action values

FAIL

START

SUCCESS