1 Introduction
1.1 About REST Services
FOIAXpress REST Services allows developers to monitor system events using simple HTTP methods. These services provide the capability to query system data like user login records and user actions records so that enterprise monitoring applications can monitor system events.
The system information related REST Services are secured over HTTPS with Windows authentication, which uses the local account for authentication. Further details are provided in the āAuthenticationā section. All actions are audited similarly to auditing in the FOIAXpress application.
1.2 FOIAXpress Audit Log REST Resources and URIs
Each web method in the REST Services is identified by a named Uniform Resource Identifier (URI) and is accessed using standard HTTP method GET. For example, you can get system information like user login records or user action records.
REST Services are based on the configured method and their URIs. The REST URI formats are shown below:
Type | Format |
|---|---|
Base URI | https://<FOIAXpressServerDNSName>/apiex/AuditLog/ |
System Data Resource URI | https://<FOIAXpressServerDNSName>/apiex/AuditLog/<methodName>?parameters |
1.3 Authentication
All REST Services calls performed to retrieve any system data are required to be authenticated. All REST operations are performed in a valid user context. Access and authorization control for users is required to be configured for local accounts by the application administrators. Windows Authentication (SSO) is used for security. The access is also IP restricted to prevent any system data leaks. The REST service calls should be secured through Web service authentication and SSL/TLS certificates.
A valid user may be prompted for their local/AD account login credentials when making the REST service calls.
2 System Data Services
The methods described in the following subsections provide access to system information. In all the GET requests provided below, the response can be received in a JSON or XML format by setting the value of āAcceptā parameter (present in the request header) to either āapplication/jsonā or āapplication/xmlā respectively. The default return value for all the requests is JSON, however requests made in the browser might return XML formatted data.
2.1 GetSystemTime
This is a helper service which retrieves the current System time. It can be used for getting the start/end date parameter values for other requests, so as not to have gaps between iterations (further details outlined below).
Sample HTTP GET Request:
https://fxserver.ains.com/apiex/AuditLog/GetSystemTime
Result:
"2020-07-31T17:51:11"
2.2 GetUserActions
Gets the record of User Actions between the specified start and end date. The dates should be supplied in C#ās DateTime format, as outlined in the sample below. Start date of the current iteration will be the end date of the previous iteration. End date of the current iteration will be the GetSystemDate response, to avoid gaps in iterations.
Sample HTTP GET Request:
https://fxserver.ains.com/apiex/AuditLog/GetUserActions?startDate=2021-12- 05T23:55:02.903&endDate=2022-07-05T23:55:02.903
Result:
[
System Data Services
{
"Id": 35556,
"ActionTime": "2022-04-27T15:49:07.66",
"ActionPerformed": "Request Status Report Raw Data generated.", "ActionBy": "nsoileau",
"ActionOffice": "Ains"
},
{
"Id": 35555,
"ActionTime": "2022-04-27T15:49:01.143",
"ActionPerformed": "Requests Status Report generated.", "ActionBy": "nsoileau",
"ActionOffice": "Ains"
},
{
"Id": 35554,
"ActionTime": "2022-04-27T15:23:44.543",
"ActionPerformed": "User amekala successfully logged in..", "ActionBy": "amekala",
"ActionOffice": "Ains"
}
]
2.3 GetUserLogins
Gets the record of User Logins between the specified start and end date. The dates should be supplied in DateTime format, as outlined in the sample below. Start date of the current iteration will be the end date of the previous iteration. End date of the current iteration will be the GetSystemDate response, to avoid gaps in iterations. The LogoutTime value will be ā-ā if the user is still logged in.
Sample HTTP GET Request:
https://fxserver.ains.com/apiex/AuditLog/GetUserLogins?startDate=2021-12- 05T23:55:02.903&endDate=2022-07-05T23:55:02.903
System Data Services
Result:
[
{
"Id": 388152,
"UserName": "Milbourne, Marcus", "ActionOffice": "Ains", "WorkStation": "192.168.5.45", "LoginTime": "3/9/2022 3:00:31 PM",
"LogoutTime": "3/9/2022 4:06:52 PM", "Duration": "01:06:21"
},
{
"Id": 388144,
"UserName": "Soileau, Nick", "ActionOffice": "Ains", "WorkStation": "192.168.4.115", "LoginTime": "3/9/2022 2:53:59 PM",
"LogoutTime": "3/9/2022 4:06:52 PM", "Duration": "01:12:53"
},
{
"Id": 388143,
"UserName": "Soileau, Nick", "ActionOffice": "Ains", "WorkStation": "192.168.4.115", "LoginTime": "3/9/2022 2:53:53 PM",
"LogoutTime": "3/9/2022 4:06:52 PM", "Duration": "01:12:59"
},
]
System Data Services
2.4 Enable Audit Log API
Audit Log API is not enabled by default due to security reasons. You can enable it by logging into the application at Administration > Security > Security Configuration:
Select the (A) Enable Audit Log API checkbox, then click (B) Save to save the changes.