...
The Usage Log API is an API that can be used to store any usage-related logs.
...
Usage log is now being used as a component in the WebViewer. For information regarding how to set it up in the WebViewer, please refer to: Technical instruction - WebViewer Usage Log
II. Installation
| Info |
|---|
Requirements: If it’s your first time installing .NET Core apps on a server, you might want to read this first: https://signifikant.atlassian.net/wiki/x/BQCIqw |
They are two ways of installing the API. The first way is using remote publishing in Visual Studio, and the second way is by manually copying files to the IIS directory.
...
Auth: Used to configure how access to the API is granted. Any use of the API requires the user to provide a specific API key.ConnectionStrings
Secret:
The secret is
different from the API key, it is actually used to generate and sign the key to make sure it is legitimate.
Issuer: The issuer is the hostname/domain of the server where the API is hosted.
ConnectionStrings: This is the part that is going to interest us the most. The only connection string we have is the one to the UsageLog database, which is where all logs are stored. That connection string can be mostly left as is, but you will need to set your SQL Server host so that the API can successfully connect to the database. Simply replace
<MY_SERVER>with your SQL Server host.
...
JWT tokens can be generated easily using https://jwt.io/.
The following screenshot illustrates how to generate an API key:
...
You have two tabs:
Encoded: What your API key looks like. You will use this long string to configure apps that need to communicate with the UsageLog API.
Decoded: The information stored in the key.
For now, we will switch our focus to the Decoded tab. It is split into three sections. Each section has a distinct color and corresponds to a substring in the encoded key:
Header: Defines the algorithm and token type. You don’t need to bother with that. Just make sure you have the same as in the screenshot.
Payload: Contains data used by the API to validate the key. For the UsageLog API, three properties are required:
Issued at (
"iat"): Start time for the period of validity. You can hover over the timestamp with your mouse to see the date in human-readable format. It should be set to the current time by default, you don’t need to change it.Expiration (
"exp"): End time for the period of validity. The key will not be considered valid by the API past this date. In normal circumstances, this value should be very close to the start time (about 15 minutes). But, since the API does not have any logic to automatically refresh and issue a new token, we can make an exception and pick a distant date (like 6 months or one year). Just remember that after this time, the key will no longer be valid and you will need a new one.Issuer (
"iss"): Name of the entity which issues/validates the key. It must match exactly whatever you put in your appsettings.json.
Verify signature: This section is the most important one, as it is the secret is the only thing that differentiate a forged key from an authentic one. Only the trusted authority (UsageLog API) should know the secret.
Once you are all done, you can switch back to the Encoded tab and save your key somewhere. This is the key you will use for your apps.
IV. How to use the API
The API can be easily used to read existing logs, create new ones, or add custom columns to have the ability to log more information.
...