This RESTful API provides the building blocks that developers need to programmatically integrate CIN with other network elements and systems. The API works over HTTP or HTTPS.
Individual objects that can be manipulated through the API include CIN administrators, service providers, and more. This chapter is a developer reference for connecting a currently used system to CIN.
The API is available at https://<NIU or HA address>/cin/api.
Note
For more information about JSON, see http://json.org/ .
The following shows the base URI and the format used by the API:
Base URI: <niu-ha>/cin/api
Where niu-ha is the host address of the primary NIU.
Following the base URI, the scope and scope ID are added to show which role the actions are to be completed as.
URI Format: /<object>
Many objects will use the following URI: /<object>/<service_provider>/<subscriber>
The API uses the following methods:
GET: Access a resource
PUT: Create or modify a resource
POST: Create a resource
Note
The POST method can be used to import and export data. For more information, see Provisioning.
DELETE: Delete a resource
Note
The DELETE method can be used to archive and purge data. For more information, see Archiving, Restoring, and Purging Data.
POST to <base_uri>/authenticate with the username and password parameters.
For example:
curl -X POST \
-H "Content-Type:application/json" \
<niu-ha>/cin/api/authenticate \
-d '{"username":"<username>","password":"<password>"}'
The response will contain the following:
"data": [
{"token": "<secure-access-token>"}
],
"jsonapi": {"version": "2.0-3",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
The secure access token must be passed back as the value of the Authorization header. For example:
Authorization: Basic <secure-access-token>
Note
Tokens expire after 24 hours.
URI Format: <niu-ha>/cin/api/<object>/<object-id>
curl -X GET \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
"http://localhost/cin/api/service_provider/IMSWorkX"
This GET command will provide a 200 message if the specified object exists:
{
"meta": {
"scope": "success",
"code": "200",
"records_page_size": "request.parameters.limit",
"archive": "request.parameters.archive",
"records_page_offset": "request.parameters.offset"
},
"data": [
{
"scope": "number",
"meta": {
"modified_by": "<string>",
"modified": "<datetime>",
"created_by": "<string>",
"created": "<datetime>"
},
"attributes": {
"rules": "<array>",
"timezone": "<string>",
"number": "<string>",
"subscriber_name": "<string>"
}
}
]
}
Tables are lists of objects that can be accessed and modified to affect multiple objects at once.
URI Format: <niu-ha>/cin/api/<object>?<optionalparameters>
Table queries may contain the following parameters, all of which are optional:
{
"sort": {},
"search": {},
"like": {},
"sort_function": {},
"icontains": {},
"limit": {},
"offset": {}
}
A string that defines how a column is ordered. Accepted values are ‘<column_name> ASC’ to be sorted by ascending value or ‘<column_name> DES’ to be sorted by descending value.
A string that is a comma-separated sequence of parameters to search by. There are two formats: ‘:string’ and ‘::’ where the first represents a string search (for example, ‘first_name:Bill’ would find any person with a first name of Bill) and the second represents a between search (for example, ‘customer_number:1000:2000’ would find all records with customer numbers between, but not including, 1000 and 2000). Note that this can also be a datetime object in ISO format.
A string that denotes a value to perform a ‘like’ search. This will perform a substring search on any string fields in the object and return if any of these fields are a partial match.
A string that overrides ‘sort’. Pass in ::{:}*.
A string that is a case insensitive ‘contains’ search. Similar to the ‘search’ parameter, you should pass in a comma-separated list of ‘:string’. Exact search takes precedence. The field being searched must be a string-type variable.
An integer that is the number of records to retrieve at a time. The default value is 10.
An integer that is the number of records to skip from the beginning. The default value is 0.
An example CDR query:
curl -X GET \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
"http://localhost/cin/api/cdr"?offset=0&limit=25&sort=column:asc
The following information is returned after a request to retrieve Call Detail Records (CDRs).
{
"cdr_id": "<string>",
"start_time": "<timestamp>",
"end_time": "<timestamp>",
"additional_data": "<array>",
"service_provider_name": "<string>",
"subscriber_name": "<string>",
"called_party": "<string>",
"calling_party": "<string>",
"events": "<string>"
}
Endpoints
/cin/api/cin_cdr
GET - Retrieve all CDRs that match the specified criteria.
/cin/api/cin_cdr/{service_provider}
GET - Retrieve the CDRs associated with a particular Service Provider.
/cin/api/cin_cdr/{service_provider}/{subscriber}
GET - Retrieve the CDRs associated with a particular Subscriber.
Use the POST command without specifying an object ID to create an object. At this time, the object will be given an object ID that can be modified later.
For example:
curl -X POST \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
<ha_address>/cin/api/service_provider -d \
'{"name": "IMSWorkX", "display_name": "IMSWorkX", "first_name": "Jane", "last_name": "Doe", "email": "example@example.com", "address": "1 Main St. Rochester, NY", "phone": "5858675309", "notes": "more notes"}'
This example POST command will add a new Service Provider named IMSWorkX.
When the PUT command is used and the object ID is included in the command, the object is modified.
For example:
curl -X PUT \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
<ha_address>/cin/api/service_provider/IMSWorkX -d \
'{"first_name": "John", "last_name": "Smith"}'
This example PUT command will change the name of the Service Provider from Jane Doe to John Smith.
The following information is used in the body of a request to create and edit different administrator level users.
{
"username": "John_Doe_admin",
"role_id": "service_provider:exampleserviceprovider",
"first_name": "John",
"last_name": "Doe",
"email": "jdoe@example.com",
"permissions": "default:service_provider"
}
A unique string that is the user name for this user. Limit of 64 characters. Can contain only lowercase characters, numbers, or underscores.
A string that defines the type of administrator that is being created. Accepted values are:
platform_owner
service_provider:<service_provider_name>
subscriber:<service_provider_name>:<subscriber_name>
A string that is the first name of this user. Limit of 250 characters.
A string that is the last name of this user. Limit of 250 characters.
A string that is the email address for this user. Limit of 250 characters.
An array of permission groups that this user is a member of. Permissions are dependent on the specified role_id of the created administrator.
Endpoints
/cin/api/administrator/{role_id}
GET - Retrieve all administrators with the specified role.
POST - Create an administrator with the specified role.
/cin/api/administrator/{role_id}/{username}
GET - Retrieve the administrator with the specified role and user name.
PUT - Modify the administrator if it exists, otherwise create the administrator.
DELETE - Archive the specified administrator.
/cin/api/administrator/{role_id}/{username}/reset
POST - Reset this user’s password, returning a reset token.
The following information is used in the body of a request to create and edit different Service Providers.
Note
These are not administrator accounts.
{
"name": "exampleserviceprovider",
"display_name": "JSMITH",
"first_name": "John",
"last_name": "Smith",
"email": "jsmith@example.com",
"address": "123 Main St",
"phone": "5851231234",
"notes": "Any string here",
}
A unique string that is the name of this Service Provider. Limit of 64 characters.
An unconstrained string used as a display name. Limit of 250 characters.
A string that is the first name of a contact for this Service Provider. Limit of 250 characters.
A string that is the last name of a contact for this Service Provider. Limit of 250 characters.
A string that is the email address of this Service Provider, where notifications and password reset requests will be sent. Limit of 250 characters.
A string that is the physical address of this Service Provider. Limit of 250 characters.
A string that is the primary phone number of this Service Provider. Limit of 250 characters.
A string that is a free-form notes field. Limit of 2048 characters.
Endpoints
/cin/api/service_provider
GET - Retrieve all Service Providers.
POST - Create a new Service Provider.
/cin/api/service_provider/{name}
GET - Retrieve the Service Provider with the specified name.
PUT - Modify the Service Provider if it exists, otherwise create the Service Provider.
DELETE - Archive the specified Service Provider.
The following information is used in the body of a request to create and edit different Subscribers.
Note
These are not administrator accounts.
{
"name": "examplesubscriber",
"display_name": "ExampleSubscriber",
"service_provider_name": "exampleserviceprovider",
"first_name": "Jane",
"last_name": "Doe",
"email": "jdoe@example.com",
"address": "123 Main St",
"phone": "5851234321",
"notes": "This is an example Subscriber.",
"voicemail": [],
"service_enabled": true
}
A unique string that is the name of this Subscriber. Limit of 64 characters.
An unconstrained string used as a display name. Limit of 250 characters.
A unique string that is the name of the Service Provider for this Subscriber. Must match an existing Service Provider.
A string that is the first name of a contact for this Subscriber. Limit of 250 characters.
A string that is the last name of a contact for this Subscriber. Limit of 250 characters.
A string that is the email address of this Subscriber, where notifications and password reset requests will be sent. Limit of 250 characters.
A string that is the physical address of this Subscriber. Limit of 250 characters.
A string that is the primary phone number of this Subscriber. Limit of 250 characters.
A string that is a free-form notes field. Limit of 2048 characters.
A string that is the voice mail service location for this Subscriber.
A boolean value that determines whether the CIN service is active on this Subscriber’s account.
Endpoints
/cin/api/subscriber/{service_provider_name}
GET - Retrieve all Subscribers owned by the specified Service Provider.
POST - Create a new Subscriber.
/cin/api/subscriber/{service_provider_name}/{name}
GET - Retrieve the Subscriber with the specified name.
PUT - Modify the Subscriber if it exists, otherwise create the Subscriber.
DELETE - Archive the specified Subscriber.
The following information is used in the body of a request to create and edit numbers.
{
"number": "5851239876",
"subscriber_name": "examplesubscriber",
"service_provider_name": "exampleserviceprovider",
"nickname": "optionalname",
"ivr_pin": "1111",
"override_pin": "2222",
"vip": [],
"blocked": []
}
A unique string that must be a valid phone number. Limit of 250 characters.
A unique string that is the name of the Subscriber who uses this number. Must match an existing Subscriber.
A unique string that is the name of the Service Provider for the Subscriber who uses this number. Must match an existing Service Provider.
A string that is an optional display name to identify this number. Limit of 250 characters.
A string that is the PIN used by this number to log in to the IVR interface. This value must be at least 4 digits.
A string that is the PIN used to allow a caller to complete the call when CIN service is enabled. This value must be at least 4 digits.
An array of numbers that are on the VIP list associated with this number. Calls from any number defined in this list will always be allowed.
An array of numbers that are on the blocked list associated with this number. Calls from any number defined in this list will always be blocked.
Endpoints
/cin/api/number
GET - Retrieve all numbers.
/cin/api/number/{service_provider_name}
GET - Retrieve all numbers owned by the specified Service Provider.
POST - Create a new number owned by the specified Service Provider.
/cin/api/number/{service_provider_name}/{subscriber_name}
GET - Retrieve all numbers owned by the specified Subscriber.
POST - Create a new number owned by the specified Subscriber.
/cin/api/number/{service_provider_name}/{subscriber_name}/{number}
GET - Retrieve the specified number.
PUT - Modify the number if it exists, otherwise create the number.
DELETE - Archive the specified number.
The following information is used in the body of a request to edit settings. The following example uses the default values.
{
"menu_forwarding_configuration_file": "/usr/sipxpress/config/cin-menu-forwarding-configuration.yml",
"screening_engine_uri": "http://niu/cin-screening-engine",
"download_directory": "/var/opt/xpressworkx/app-manager/cin/media/download",
"upload_directory": "/var/opt/xpressworkx/app-manager/cin/media/upload",
"job_log_directory": "/var/opt/xpressworkx/app-manager/cin/media/download",
"application_username": "cin_application_manager",
"application_password": "im5_wrkX",
"branding": {
"imsworkx": {
"color_hue": "75",
"highlight_hue": "79",
"logo": "logo.png",
"label": "IMSWorkX, Inc. ®"
}
},
"restworkx": {
"archive_max_days": "7",
"audit_log_directory": "/var/opt/xpressworkx/app-manager/cin/logs/audit-logs/",
"log_duration": "1"
},
"web_settings": {
"help_page": "http://www.imsworkx.com",
"password_length": "8",
"number_mask": "{+DDD }(DDD) DDD-DDDD"
},
"screening_engine": {
"egress_route": "",
"reject_with_media": false,
"sip_routing_prefix": "",
"sip_connection_type": "redirect",
"ring_while_contacting_called_party": "silence",
"redirect_destination": "12345",
"anonymous_treatment": "screen",
"nomatch_treatment": "screen"
}
"cin_settings": {
"csv_retention_days": 30
},
"csr_location": "sip:csr@localhost"
}
The following settings are set automatically during installation and should not need to be changed:
menu_forwarding_configuration_file
screening_engine_uri
download_directory
upload_directory
job_log_directory
application_username
application_password
Contains settings related to the look and feel of the website using the following parameters:
imsworkx: The default appearance settings. Additional fields can be added at this level under different names, which can then be appended to the URL for custom branding.
color_hue: (Integer) This will change the primary color used on the site. This value is a number between 0 and 360, using the HSL model where 0 is red, 120 is green, and 240 is blue.
highlight_hue: (Integer) This will change the secondary color used on the site. This value is a number between 0 and 360, using the HSL model where 0 is red, 120 is green, and 240 is blue.
logo: (String) Filename for the logo that will appear in the upper, left corner of the website. The image must be a PNG file and placed in the /var/opt/xpressworkx/app-manager/cin/static/img/ directory.
label: (String) The message displayed in the upper, right corner of the website. This is generally a company name.
Contains settings related to the platform and database.
archive_max_days: (Integer) Number of days to keep records in the archive table.
log_duration: (Integer) Number of days before rotating the log file.
audit_log_directory: (String) Should not be changed.
Contains settings for elements on the website.
help_page: (String) URL for the web page that is linked in the “Help” button on the upper, right corner of the page.
password_length: (Integer) Minimum number of characters allowed in a password.
number_mask: (String) Determines how phone numbers appear. Lowercase ‘d’ represents a digit 0-9. Uppercase ‘D’ represents a digit 0-9 or an ‘X’ (denoting any digit). A lowercase ‘x’ denotes any character. Braces ({}) denote an optional grouping that will only be filled after all other groupings are filled. All other characters are taken literally as they are written but are not taken as part of the value when saving. Treat these as visual separators only.
Contains settings used to determine call flow.
egress_route: (String) The host to use when connecting a call to the called party.
reject_with_media: (Boolean) If true, any disconnect treatments will play a message before disconnecting the call.
sip_routing_prefix: (String) A value prepended to the called party’s SIP address when connecting a call to the called party.
sip_connection_type: (String) The type of connection to use for routing.
ring_while_contacting_called_party: (String: “silence”, “ulaw”, “alaw”) What to play while the called party is being presented with the recorded greeting menu. Available options are Silence, μLaw 440/480 Hz Ringtone, or aLaw 440/480 Hz Ringtone.
redirect_destination: (String) Specifies the destination address a SIP redirect message will be sent. This address will allow the use of the IVR.
anonymous_treatment: (String) The routing behavior for any call determined to be anonymous. A call is considered to be anonymous when the calling number either has “anonymous” populated in the user part of the From header or has a Privacy header configured.
nomatch_treatment: (String) The routing behavior for any call determined to be unknown. A call is considered to be unknown when the calling number is not on the VIP or blocked number list.
Contains settings specific to the Call Intercept service.
csv_retention_days: (Integer) The number of days CSVs for imports and exports will be kept on the system.
(String) SIP URI of the customer service destination.
Endpoints
/cin/api/settings/
GET - Retrieve the settings for the current user.
PUT - Modify the settings.
The following common responses may be encountered while using the CIN API. The format of these responses may look different from the documented examples based on the tool used to make API calls.
Note
Many HTTP responses are a 200 OK due to the call to the API being successful. It is important to read the body of the response as it could contain an error.
When making an API call to a server that does not have CIN installed, the following message will be seen.
curl -X POST \
-H "Content-Type:application/json" \
<niu-ha>/cin/api/authenticate \
-d '{"username":"<username>","password":"<password>"}'
-v
< HTTP/1.1 404 Not Found
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Content-Length: 412
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /cin/api/authenticate was not found on this server.</p>
</body></html>
Note
This response is not controlled by the CIN API and is entirely an HTTP response.
When logging in to the API with incorrect or missing information, the following message will be seen.
curl -X POST \
-d '{"username":"cin_administrator"}' \
localhost/cin/api/authenticate
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "The username and password provided were not correct.",
"code": 401,
"encoding": "ascii"
},
"jsonapi": {
"version": "1.2-11",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
}
}
When preforming a GET for data that has not been provisioned, the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/cin/api/service_provider/service_test45 \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"code": 200,
"encoding": "ascii",
"zoom": 0,
"records_shown": 0,
"records_total": 0,
"scope": "success",
"message": "",
"archive": false,
"authorization": "Basic <secure-access-token>"
},
"data": [],
"jsonapi": {
"version": "1.2-11",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
}
}
Note
This is technically a successful call to the API, thus the 200 code return.
When creating an object that does not exist (for example, servi instead of service_provider), the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/cin/api/servi
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "No object 'servi' exists.",
"code": "404"
},
"jsonapi": {
"version": "1.2-11",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
}
}
If a required field is missing when creating an object, the following message will be seen.
curl -X POST \
-H "Authorization: Basic <secure-access-token>" \
localhost/cin/api/service_provider \
-d '{"last_name":"api_test"}' \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "ServiceProvider(): Field 'name' is required, but missing.",
"code": 400,
"encoding": "ascii"
},
"jsonapi": {
"version": "1.2-11",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
}
}
When making a call with a method that is not valid at the specific endpoint, the following message will be seen.
curl -X GE \
-H "Authorization: Basic <secure-access-token>" \
localhost/cin/api/service_provider/service_test45 \
-v
< HTTP/1.1 405 METHOD NOT ALLOWED
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Allow: GET, POST, PUT, DELETE
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Length: 0
< Content-Type: text/html; charset=utf-8
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
<
* Connection #0 to host localhost left intact
* Closing connection #0
When making a successful API call, the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/cin/api/service_provider/ \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: cin_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/cin
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"code": 200,
"encoding": "ascii",
"zoom": 0,
"records_page_offset": 0,
"records_shown": 1,
"records_total": 1,
"scope": "success",
"message": "",
"archive": false,
"authorization": "Basic <secure-access-token>",
"records_page_size": 10
},
"data": [{
<DATA FROM OBJECT>
}],
"jsonapi": {
"version": "1.2-11",
"name": "Call Intercept",
"short_name": "cin",
"author": "IMSWorkX, Inc."
}
}
The above responses can be seen as responses from a stable CIN API. If you encounter other undocumented API errors, please contact support@imsworkx.com with the API call and output.
Audit logs are generated every day by default and are stored as a CSV file. By default, these files are located in /var/opt/xpressworkx/app-manager/cin/logs/audit-logs and are named audit-<year>.<month>.<day>.log.