This RESTful API provides the building blocks that developers need to programmatically integrate ECF with other network elements and systems. The API works over HTTP or HTTPS.
Individual objects that can be manipulated through the API include ECF administrators, service providers, and more. This chapter is a developer reference for connecting a currently used system to ECF.
The API is available at https://<NIU or HA address>/ecf/api.
Note
For more information about JSON, see http://json.org/
The following shows the base URI and the format used by the API:
Base URI: <niu-ha>/ecf/api
Where niu-ha is the host address of the primary NIU.
Following the base URI, the scope and scope ID are added to show which role the actions are to be completed as.
URI Format: /<object>
Many objects will use the following URI: /<object>/<service_provider>/<subscriber>
The API uses the following methods:
GET: Access a resource
PUT: Create or modify a resource
POST: Create a resource
Note
The POST method can be used to import and export data. For more information, see Provisioning.
DELETE: Delete a resource
Note
The DELETE method can be used to archive and purge data. For more information, see Archiving, Restoring, and Purging Data.
POST to <base_uri>/authenticate with the username and password parameters.
For example:
curl -X POST \
-H "Content-Type:application/json" \
<niu-ha>/ecf/api/authenticate \
-d '{"username":"<username>","password":"<password>"}'
The response will contain the following:
"data": [
{"token": "<secure-access-token>"}
],
"jsonapi": {"version": "2.0-3",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
The secure access token must be passed back as the value of the Authorization header. For example:
Authorization: Basic <secure-access-token>
Note
Tokens expire after 24 hours.
URI Format: <niu-ha>/ecf/api/<json-api-version>/<object>/<object-id>
curl -X GET \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
"http://localhost/ecf/api/service_provider/IMSWorkX"
This GET command will provide a 200 message if the specified object exists:
{
"meta": {
"scope": "success",
"code": "200",
"records_page_size": "request.parameters.limit",
"archive": "request.parameters.archive",
"records_page_offset": "request.parameters.offset"
},
"data": [
{
"scope": "number",
"meta": {
"modified_by": "<string>",
"modified": "<datetime>",
"created_by": "<string>",
"created": "<datetime>"
},
"attributes": {
"rules": "<array>",
"timezone": "<string>",
"number": "<string>",
"subscriber_name": "<string>"
}
}
]
}
Tables are lists of objects that can be accessed and modified to affect multiple objects at once.
URI Format: <niu-ha>/ecf/api/<object>?<optionalparameters>
Table queries may contain the following parameters, all of which are optional:
{
"sort": {},
"search": {},
"like": {},
"sort_function": {},
"icontains": {},
"limit": {},
"offset": {}
}
A string that defines how a column is ordered. Accepted values are ‘<column_name> ASC’ to be sorted by ascending value or ‘<column_name> DES’ to be sorted by descending value.
A string that is a comma-separated sequence of parameters to search by. There are two formats: ‘:string’ and ‘::’ where the first represents a string search (for example, ‘first_name:Bill’ would find any person with a first name of Bill) and the second represents a between search (for example, ‘customer_number:1000:2000’ would find all records with customer numbers between, but not including, 1000 and 2000). Note that this can also be a datetime object in ISO format.
A string that denotes a value to perform a ‘like’ search. This will perform a substring search on any string fields in the object and return if any of these fields are a partial match.
A string that overrides ‘sort’. Pass in ::{:}*.
A string that is a case insensitive ‘contains’ search. Similar to the ‘search’ parameter, you should pass in a comma-separated list of ‘:string’. Exact search takes precedence. The field being searched must be a string-type variable.
An integer that is the number of records to retrieve at a time. The default value is 10.
An integer that is the number of records to skip from the beginning. The default value is 0.
An example CDR query:
curl -X GET \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
"http://localhost/ecf/api/cdr"?offset=0&limit=25&sort=column:asc
The following information is returned after a request to retrieve Call Detail Records (CDRs).
{
"original_called_number": "<string>",
"called_number": "<string>",
"calling_number": "<string>",
"start_time": "<timestamp>",
"end_time": "<timestamp>",
"route": "<json>",
"service_provider_name": "<string>",
"subscriber_name": "<string>",
"cdrs": "<array>"
}
Endpoints
/ecf/api/ecf_cdr
GET - Retrieve all CDRs that match the specified criteria.
/ecf/api/ecf_cdr/{service_provider_name}
GET - Retrieve the CDRs associated with a particular Service Provider.
/ecf/api/ecf_cdr/{service_provider_name}/{subscriber_name}
GET - Retrieve the CDRs associated with a particular Subscriber.
/ecf/api/ecf_cdr/{service_provider_name}/{subscriber_name}/{original_called_number}
GET - Retrieve the CDRs associated with a particular originally called number.
Use the POST command without specifying an object ID to create an object. At this time, the object will be given an object ID that can be modified later.
For example:
curl -X POST \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
<ha_address>/ecf/api/service_provider -d \
'{"name": "IMSWorkX", "display_name": "IMSWorkX", "first_name": "Jane", "last_name": "Doe", "email": "example@example.com", "address": "1 Main St. Rochester, NY", "phone": "5858675309", "notes": "more notes"}'
This example POST command will add a new Service Provider named IMSWorkX.
When the PUT command is used and the object ID is included in the command, the object is modified.
For example:
curl -X PUT \
-H "Content-Type:application/json" \
-H "Authorization:Basic <secure-access-token>" \
<ha_address>/ecf/api/service_provider/IMSWorkX -d \
'{"first_name": "John", "last_name": "Smith"}'
This example PUT command will change the name of the Service Provider from Jane Doe to John Smith.
The following information is used in the body of a request to create and edit different administrator level users.
{
"username": "John_Doe_admin",
"role_id": "service_provider:exampleserviceprovider",
"first_name": "John",
"last_name": "Doe",
"email": "jdoe@example.com",
"permissions": "default:service_provider"
}
A unique string that is the user name for this user. Limit of 64 characters. Can contain only lowercase characters, numbers, or underscores.
A string that defines the type of administrator that is being created. Accepted values are:
platform_owner
service_provider:<service_provider_name>
subscriber:<service_provider_name>:<subscriber_name>
A string that is the first name of this user. Limit of 250 characters.
A string that is the last name of this user. Limit of 250 characters.
A string that is the email address for this user. Limit of 250 characters.
An array of permission groups that this user is a member of. Permissions are dependent on the specified role_id of the created administrator.
Endpoints
/ecf/api/administrator/{role_id}
GET - Retrieve all administrators with the specified role.
POST - Create an administrator with the specified role.
/ecf/api/administrator/{role_id}/{username}
GET - Retrieve the administrator with the specified role and user name.
PUT - Modify the administrator if it exists, otherwise create the administrator.
DELETE - Archive the specified administrator.
/ecf/api/administrator/{role_id}/{username}/reset
POST - Reset this user’s password, returning a reset token.
The following information is used in the body of a request to create and edit different Service Providers.
Note
These are not administrator accounts.
{
"name": "exampleserviceprovider",
"display_name": "JSMITH",
"first_name": "John",
"last_name": "Smith",
"email": "jsmith@example.com",
"address": "123 Main St",
"phone": "5851231234",
"notes": "Any string here",
}
A unique string that is the name of this Service Provider. Limit of 64 characters.
An unconstrained string used as a display name. Limit of 250 characters.
A string that is the first name of a contact for this Service Provider. Limit of 250 characters.
A string that is the last name of a contact for this Service Provider. Limit of 250 characters.
A string that is the email address of this Service Provider, where notifications and password reset requests will be sent. Limit of 250 characters.
A string that is the physical address of this Service Provider. Limit of 250 characters.
A string that is the primary phone number of this Service Provider. Limit of 250 characters.
A string that is a free-form notes field. Limit of 2048 characters.
Endpoints
/ecf/api/service_provider
GET - Retrieve all Service Providers.
POST - Create a new Service Provider.
/ecf/api/service_provider/{name}
GET - Retrieve the Service Provider with the specified name.
PUT - Modify the Service Provider if it exists, otherwise create the Service Provider.
DELETE - Archive the specified Service Provider.
The following information is used in the body of a request to create and edit different Subscribers.
Note
These are not administrator accounts.
{
"service_provider_name": "exampleserviceprovider",
"name": "examplesubscriber",
"pin": "1234",
"timezone": "",
"call_manager": false,
"screening": {"active": true, "pin": "2222"},
"account_lock": false,
"first_name": "Jane",
"last_name": "Doe",
"display_name": "ExampleSubscriber",
"phone": "5851234321",
"address": "123 Main St",
"email": "jdoe@example.com",
"speed_call_numbers": [],
"acceptance_lists": [],
"schedules": [],
"default_number": "1234567890",
"params": [],
"notes": "This is an example Subscriber."
}
A unique string that is the name of the Service Provider for this Subscriber. Must match an existing Service Provider.
A unique string that is the name of this Subscriber. Limit of 64 characters.
A string that is the PIN used by this Subscriber to log in to the IVR interface.
A string that is the time zone used by the Subscriber to determine call forwarding.
A boolean value that determines whether this Subscriber can access additional features such as creating acceptance lists and forwarding schedules.
A JSON object defining call screening behavior containing the following parameters:
active: A boolean value that determines whether call screening is active for this Subscriber.
pin: A 4-digit string that a caller must dial to be forwarded.
A boolean value that determines whether this Subscriber account is locked after entering an invalid PIN too many times.
A string that is the first name of a contact for this Subscriber. Limit of 250 characters.
A string that is the last name of a contact for this Subscriber. Limit of 250 characters.
An unconstrained string used as a display name. Limit of 250 characters.
A string that is the primary phone number of this Subscriber. Limit of 250 characters.
A string that is the physical address of this Subscriber. Limit of 250 characters.
A string that is the email address of this Subscriber, where notifications and password reset requests will be sent. Limit of 250 characters.
An array of speed call numbers that this Subscriber commonly forwards calls to.
An array of entries that define the acceptance list for this Subscriber, which are numbers that will always be forwarded regardless of the applied routing rules, containing the following parameters:
entries: An array numbers that are in the caller acceptance list.
active: A boolean value that determines whether the call acceptance list is active for this Subscriber.
An array of entries that define the forwarding schedule for this Subscriber containing the following parameters:
entries:
start: A string that is the start time for the schedule, in HH:MM.
end: A string that is the end time for the schedule, in HH:MM.
day: A string that are the days of the week this schedule applies to. Accepted values are MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY, and SUNDAY.
number: A string that is the number all calls are forwarded to during the time that this schedule is active.
active: A boolean value that determines whether the forwarding schedule is active for this Subscriber.
A string that is the number calls will be forwarded to when no plans are active.
A JSON object of always active routing parameters for this Subscriber.
A string that is a free-form notes field. Limit of 2048 characters.
Endpoints
/ecf/api/subscriber/{service_provider_name}
GET - Retrieve all Subscribers owned by the specified Service Provider.
POST - Create a new Subscriber.
/ecf/api/subscriber/{service_provider_name}/{name}
GET - Retrieve the Subscriber with the specified name.
PUT - Modify the Subscriber if it exists, otherwise create the Subscriber.
DELETE - Archive the specified Subscriber.
The following information is used in the body of a request to edit settings. The following example uses the default values.
{
"menu_forwarding_configuration_file": "/usr/sipxpress/config/ecf-menu-forwarding-configuration.yml",
"routing_engine_uri": "http://niu/ecf-routing-engine",
"download_directory": "/var/opt/xpressworkx/app-manager/ecf/media/download",
"upload_directory": "/var/opt/xpressworkx/app-manager/ecf/media/upload",
"job_log_directory": "/var/opt/xpressworkx/app-manager/ecf/media/download",
"default_route_on": "1",
"application_username": "ecf_application_manager",
"application_password": "im5_wrkX",
"routing_interface_impl": "com.imsworkx.routingEngine.callflow.HttpClient",
"branding": {
"imsworkx": {
"color_hue": "202",
"highlight_hue": "198",
"logo": "logo.png",
"label": "Evolve Cellular Inc. ®"
}
},
"restworkx": {
"archive_max_days": "7",
"audit_log_directory": "/var/opt/xpressworkx/app-manager/ecf/logs/audit-logs/",
"log_duration": "1"
},
"web_settings": {
"help_page": "http://www.imsworkx.com",
"password_length": "8",
},
"ecf_settings": {
"use_contact": true,
"csr_location": "",
"pin_max": 4,
"pin_min": 4,
"pin_retries": 3,
"speed_call_max": 3,
"pin_length": 4,
"csv_retention_days": 30
}
"security": {
"client_cert": null,
"client_key": null,
"ca_bundle": null,
"allow_insecure": false
},
"routing_engine": {
"refer_timeout": 30,
"egress_route": "",
"default_no_route_behavior": "404",
"redirect_address": "",
"point_code_format": "ansi",
"sip_routing_prefix": "",
"sip_connection_type": "redirect",
"sip_play_media_on_error": true,
}
"ecf_logging": {
"rsyslog_host": "localhost",
"rsyslog_port": 514,
"rsyslog_protocol": "TCP",
"rsyslog_facility": "LOCAL0",
"rsyslog_level": "INFO"
}
"email_settings": {
"use_email": false,
"host": "",
"user": "",
"port": "",
"password": "",
"use_tls": false,
"messages": {
"recover": {
"subject": "Recover Your Account",
"headline": "Account Recovery",
"message": "Click the link below to recover your account."
},
"activate": {
"subject": "Activate Your Account",
"headline": "Account Activation",
"message": "Click the link below to activate your account."
}
}
}
}
The following settings are set automatically during installation and should not need to be changed:
menu_forwarding_configuration_file
routing_engine_uri
download_directory
upload_directory
job_log_directory
application_username
application_password
routing_interface_impl
Contains settings related to the look and feel of the website using the following parameters:
imsworkx: The default appearance settings. Additional fields can be added at this level under different names, which can then be appended to the URL for custom branding.
color_hue: (Integer) This will change the primary color used on the site. This value is a number between 0 and 360, using the HSL model where 0 is red, 120 is green, and 240 is blue.
highlight_hue: (Integer) This will change the secondary color used on the site. This value is a number between 0 and 360, using the HSL model where 0 is red, 120 is green, and 240 is blue.
logo: (String) Filename for the logo that will appear in the upper, left corner of the website. The image must be a PNG file and placed in the /var/opt/xpressworkx/app-manager/ecf/static/img/ directory.
label: (String) The message displayed in the upper, right corner of the website. This is generally a company name.
Contains settings related to the platform and database.
archive_max_days: (Integer) Number of days to keep records in the archive table.
log_duration: (Integer) Number of days before rotating the log file.
audit_log_directory: (String) Should not be changed.
Contains settings for elements on the website.
help_page: (String) URL for the web page that is linked in the “Help” button on the upper, right corner of the page.
password_length: (Integer) Minimum number of characters allowed in a password.
Contains settings specific to the Enhanced Call Forwarding service.
use_contact: (Boolean) If true, the host from the Contact header of the INVITE will be used as the egress_route.
csr_location: (String) SIP URI of the customer service destination.
pin_max: (Integer) The maximum PIN length.
pin_min (Integer) The minimum PIN length.
pin_retries: (Integer) The number of allowed retries for entering the correct PIN before account lockout.
speed_call_max: (Integer) The maximum number of speed call numbers allowed per account.
pin_length (Integer): The length of the PIN.
csv_retention_days: (Integer) The number of days CSVs for imports and exports will be kept on the system.
Contains settings related to SSL configuration.
client_cert: (String) File location of the client’s certificate.
client_key: (String) File location of the key used for the client’s certificate.
ca_bundle: (String) File location of the root certificate. This is the only setting that matters when SSL is configured by the configure-ssl command and is automatically set by that script.
allow_insecure: (Boolean) If true, the web UI will not check the NIU’s certificate against the configured ca_bundle when making API calls.
Contains settings used to determine call flow.
refer_timeout: (Integer) The length of time, in seconds, to wait for a Refer before timing out and ending the call.
egress_route: (String) The host to use when connecting a call to the called party.
default_no_route_behavior: (String) The default behavior for SIP calls when no route is found for the call. The options available directly correspond to SIP final response codes.
redirect_address: (String) The address a SIP redirect message will be sent.
point_code_format: (String: “ansi”, “itu”) The format that point codes will be in.
sip_routing_prefix: (String) A prefix value added to the call during the call processing.
sip_connection_type: (String) The type of SIP connection.
sip_play_media_on_error: (String) The sounds a subscriber will hear as the called party is answering.
Contains settings for automated email messages for password changes.
use_email: (Boolean) If true, activation and recovery email messages will be sent.
host: (String) Host for email client to send messages through.
user: (String) Username for email service that messages will be sent through.
port: (Integer) Port used for email host.
password: (String) Password for the email user.
use_tls: (Boolean) If true, TLS encryption will be used for the email.
messages: Contains settings for the contents of the email message.
recover: Contains settings for the contents of the email message sent when an account’s password is reset.
subject: (String) Subject line of the recovery email message.
headline: (String) Header of the recovery email message body.
message: (String) Message of the recovery email message.
activate: Contains settings for the contents of the email message sent when an account is created.
subject: (String) Subject line of the activation email message.
headline: (String) Header of the activation email message body.
message: (String) Message of the activation email message.
Endpoints
/ecf/api/settings/
GET - Retrieve the settings for the current user.
PUT - Modify the settings.
The following common responses may be encountered while using the ECF API. The format of these responses may look different from the documented examples based on the tool used to make API calls.
Note
Many HTTP responses are a 200 OK due to the call to the API being successful. It is important to read the body of the response as it could contain an error.
When making an API call to a server that does not have ECF installed, the following message will be seen.
curl -X POST \
-H "Content-Type:application/json" \
<niu-ha>/ecf/api/authenticate \
-d '{"username":"<username>","password":"<password>"}'
-v
< HTTP/1.1 404 Not Found
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Content-Length: 412
< Content-Type: text/html; charset=iso-8859-1
<
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /ecf/api/authenticate was not found on this server.</p>
</body></html>
Note
This response is not controlled by the ECF API and is entirely an HTTP response.
When logging in to the API with incorrect or missing information, the following message will be seen.
curl -X POST \
-d '{"username":"ecf_administrator"}' \
localhost/ecf/api/authenticate
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "The username and password provided were not correct.",
"code": 401,
"encoding": "ascii"
},
"jsonapi": {
"version": "1.2-11",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
}
}
When preforming a GET for data that has not been provisioned, the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/ecf/api/service_provider/service_test45 \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"code": 200,
"encoding": "ascii",
"zoom": 0,
"records_shown": 0,
"records_total": 0,
"scope": "success",
"message": "",
"archive": false,
"authorization": "Basic <secure-access-token>"
},
"data": [],
"jsonapi": {
"version": "1.2-11",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
}
}
Note
This is technically a successful call to the API, thus the 200 code return.
When creating an object that does not exist (for example, servi instead of service_provider), the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/ecf/api/servi
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "No object 'servi' exists.",
"code": "404"
},
"jsonapi": {
"version": "1.2-11",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
}
}
If a required field is missing when creating an object, the following message will be seen.
curl -X POST \
-H "Authorization: Basic <secure-access-token>" \
localhost/ecf/api/service_provider \
-d '{"last_name":"api_test"}' \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"scope": "exception",
"message": "ServiceProvider(): Field 'name' is required, but missing.",
"code": 400,
"encoding": "ascii"
},
"jsonapi": {
"version": "1.2-11",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
}
}
When making a call with a method that is not valid at the specific endpoint, the following message will be seen.
curl -X GE \
-H "Authorization: Basic <secure-access-token>" \
localhost/ecf/api/service_provider/service_test45 \
-v
< HTTP/1.1 405 METHOD NOT ALLOWED
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Allow: GET, POST, PUT, DELETE
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Length: 0
< Content-Type: text/html; charset=utf-8
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
<
* Connection #0 to host localhost left intact
* Closing connection #0
When making a successful API call, the following message will be seen.
curl -X GET \
-H "Authorization: Basic <secure-access-token>" \
localhost/ecf/api/service_provider/ \
-v
< HTTP/1.1 200 OK
< Date: <datetime>
< Server: Apache/2.2.15 (CentOS)
< Expires: <datetime>
< Vary: Cookie
< Cache-Control: max-age=0
< Last-Modified: <datetime>
< Content-Type: application/json
< Set-Cookie: ecf_sessionid=<cookie>; expires=<datetime>; httponly; Max-Age=1209600; Path=/ecf
< Transfer-Encoding: chunked
<
* Connection #0 to host localhost left intact
* Closing connection #0
{"meta": {
"code": 200,
"encoding": "ascii",
"zoom": 0,
"records_page_offset": 0,
"records_shown": 1,
"records_total": 1,
"scope": "success",
"message": "",
"archive": false,
"authorization": "Basic <secure-access-token>",
"records_page_size": 10
},
"data": [{
<DATA FROM OBJECT>
}],
"jsonapi": {
"version": "1.2-11",
"name": "Enhanced Call Forwarding",
"short_name": "ecf",
"author": "IMSWorkX, Inc."
}
}
The above responses can be seen as responses from a stable ECF API. If you encounter other undocumented API errors, please contact support@imsworkx.com with the API call and output.
Audit logs are generated every day by default and are stored as a CSV file. By default, these files are located in /var/opt/xpressworkx/app-manager/ecf/logs/audit-logs and are named audit-<year>.<month>.<day>.log.