EPR Auditor API Access Guide
This guide outlines how to authenticate and retrieve audit log records securely via API.
Step 1: 🔑 Authenticate and Obtain Token
Make a POST request to the login endpoint using your auditor credentials to retrieve a bearer token.
🔸 Endpoint
POST https://baseurl.eplansoftreview.com/auth/login
🔸 Headers
Content-Type: application/x-www-form-urlencoded
🔸 Body (x-www-form-urlencoded)
Key | Value |
---|---|
password | SuperSecurePassword123! |
✅ You’ll receive a token field in the response. Save this; it's your x-access-key.
Step 2: 📄 Retrieve Audit Logs
With the token, make a GET request to the audit logs endpoint using startDate and endDate query parameters.
🔸 Endpoint
GET https://toronto-uat.eplansoftreview.com/partner/auditlogs
🔸 Query Parameters
Name | Type | Required | Format | Notes |
---|---|---|---|---|
startDate | string | ✅ Yes | ISO-8601 (YYYY-MM-DD) | Cannot be after endDate |
endDate | string | ✅ Yes | ISO-8601 (YYYY-MM-DD) | Max range: 31 days |
🔹 Example Full URL
https://baseurl.eplansoftreview.com/partner/auditlogs?startDate=2025-07-28&endDate=2025-07-30
🔸 Headers
x-access-key: YOUR_TOKEN_HERE
✅ Sample Success Response
{
  "success": true,
  "message": "Logged In",
  "data": {
    "user": {
      "id": 383,
      "vendor_id": null,
      "email": "audituser@example.com",
      "firm": null,
      "title": null,
      "firstName": "Audit",
      "lastName": "User",
      "isActive": true,
      "reviewSettings": null,
      "licenseNumber": null,
      "searchSettings": null,
      "otpAuthUrl": "value",
      "otpBase32": "value",
      "security": null,
      "primaryPhone": null,
      "secondaryPhone": null,
      "enableNotifications": true,
      "allowContributorDownloads": true,
      "columnFilter": null,
      "projectStatusFilters": null,
      "assignmentStatusFilters": null,
      "isSharedLicense": false,
      "isLocked": false,
      "lockedAt": null,
      "loginAttempts": 0,
      "lastLoginAttempt": null,
      "passwordUpdatedAt": "2025-07-30T14:33:23.000Z",
      "address_id": 938,
      "userRole_LIID": 4134,
      "licenseState_LIID": null,
      "licenseType_LIID": 270,
      "createdAt": "2025-07-30T14:33:23.000Z",
      "updatedAt": "2025-07-30T14:33:51.000Z",
      "deletedAt": null,
      "department_LIID": null,
      "groups": [],
      "userRole": {
        "id": 4134,
        "key": "UserRoles_General_Audit",
        "label": "Audit",
        "userRolePermissions": [
          {
            "id": 562,
            "userRole_LIID": 4134,
            "permission_LIID": 137,
            "activity_id": 33,
            "activity": {
              "id": 33,
              "permissionType_LIID": 9,
              "key": "EventLogs",
              "label": "Event Logs",
              "isFiltered": false
            },
            "permission": {
              "id": 137,
              "key": "Permissions_General_View"
            }
          }
        ],
        "userRoleFilters": []
      },
      "licenseType": {
        "id": 270,
        "key": "LicenseType_General_Standard",
        "label": "Standard"
      },
      "isExpired": false
    },
    "token": "jwt-tokenvalue"
  }
}
⚠️ Error Responses
HTTP Code | Message | Meaning |
---|---|---|
400 | Missing parameters | |
400 | Invalid date format | Not ISO-8601 or valid MM-DD-YYYY |
400 | Date range too large | More than 31 days between dates |
400 | Date in future / before 1970 | Invalid for audit scope |
400 | | Invalid range |
500 | Internal server error | Server or DB failure |
🔒 Security & Expiry Notes
Tokens are JWT-based and expire after ~12 hours (unless otherwise configured).
They are invalidated on logout, so treat each session as temporary.
Automate token refresh on failure (401/expired).
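An added example, not part of the vendor's guide or SDK: a standard-library Python client for the two steps above that checks the date range locally, splits longer ranges into requests inside the 31-day limit, and logs in again once when a request returns 401. The function names, the injectable `send` transport, the HTTP 200 success check and the 30-day step are assumptions; the login form fields are supplied by the caller because the guide shows only `password`.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from datetime import date, timedelta

BASE = "https://baseurl.eplansoftreview.com"  # placeholder host used in this guide
STEP = timedelta(days=30)  # assumption: 31 calendar days inclusive, inside the documented max

def windows(start, end, today=None):
    """Validate the range locally, then split it into requests the API accepts."""
    if start > end or end > (today or date.today()) or start < date(1970, 1, 1):
        raise ValueError("invalid audit date range")
    out = []
    while start <= end:
        stop = min(start + STEP, end)
        out.append((start.isoformat(), stop.isoformat()))
        start = stop + timedelta(days=1)
    return out

def http(method, url, headers, body=None):  # default transport -> (status, parsed JSON)
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, {}

def login(creds, send=http):
    """creds: form fields for /auth/login, loaded from a secret store, never hardcoded."""
    hdr = {"Content-Type": "application/x-www-form-urlencoded"}
    status, doc = send("POST", BASE + "/auth/login", hdr, urllib.parse.urlencode(creds).encode())
    if status != 200 or not doc.get("success"):
        raise PermissionError("login failed")
    return doc["data"]["token"]

def fetch_audit_logs(creds, start, end, send=http, today=None):
    spans = windows(start, end, today)  # reject a bad range before sending credentials
    token, bodies = login(creds, send), []
    for s, e in spans:
        url = f"{BASE}/partner/auditlogs?startDate={s}&endDate={e}"
        status, doc = send("GET", url, {"x-access-key": token})
        if status == 401:  # token expired or invalidated by logout: log in again, retry once
            token = login(creds, send)
            status, doc = send("GET", url, {"x-access-key": token})
        if status != 200:
            raise RuntimeError(f"audit log request failed: HTTP {status}")
        bodies.append(doc)
    return bodies
```

The audit-log response body is returned as parsed JSON without interpretation, since the guide does not show its shape.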
📩 Support Contacts
Role | Contact |
---|---|
Integration Manager | |
General Support |