Apitally Blog

API request logging built for privacy and performance

Introducing the new request logging feature in Apitally that connects API metrics & insights with the ability to drill down and inspect individual requests.

Simon Gurcke//2 min read

Today we’re announcing a significant milestone for Apitally: the release of our request log feature. This addition bridges the gap between aggregated API metrics and request-level debugging.

When investigating potential API issues, developers typically have access to either aggregated metrics (which show patterns but lack detail) or raw logs (which provide detail but lack context). This forces teams to juggle multiple tools and piece together information from different sources.

We built the request log in Apitally to solve this disconnect. Now you can explore API metrics on the dashboard, identify anomalies or issues, and drill down to the relevant requests to understand exactly what happened.

The new request log feature provides a chronological view of API requests with:

  • Interactive timeline visualization for quick navigation
  • Comprehensive filtering by consumer, endpoint, status code, and more
  • Full request and response inspection, including headers and payloads

We’ve designed request logging with a strong focus on privacy and performance. It’s an opt-in feature, so you have to explicitly enable and configure it. You can mask sensitive information, exclude specific paths or consumers, and control which parts of the request and response are included. There are default masking and exclusion rules in place, for example to protect you from accidentally logging API key headers or flooding your logs with requests from health checkers.

Here’s an example for a FastAPI application:

from fastapi import FastAPI
from apitally.fastapi import ApitallyMiddleware, RequestLoggingConfig

app = FastAPI()
app.add_middleware(
    ApitallyMiddleware,
    client_id="your-client-id",
    env="dev",
    request_logging_config=RequestLoggingConfig(
        enabled=True,
        log_query_params=True,
        log_request_headers=True,
        log_request_body=True,
        log_response_headers=True,
        log_response_body=True,
        # Mask sensitive headers (in addition to default masking rules)
        mask_headers=[r"^X-Something-Sensitive$"],
        # Custom logic for masking response body
        mask_response_body_callback=lambda request, response: (
            response["body"] if response["status_code"] >= 400 else None
        ),
        # ... and more options (see our docs)
    ),
)

The logging in the middleware works asynchronously. Request data is compressed and temporarily stored on disk before being sent to Apitally’s servers in regular intervals. This approach ensures that there is minimal impact on the application’s performance.

Request logging works independently of the existing API metrics collection in the Apitally middleware.

Real-world Use Cases

Our beta users have already found several powerful ways to use the request log:

  1. Customer support: When a customer reports an API issue, support teams can quickly find the relevant requests, inspect the payloads and error messages, and pinpoint the root cause.

  2. Performance optimization: After identifying endpoints with high latency in the performance dashboard, developers can inspect slow requests to these endpoints to understand what’s causing slowdowns.

  3. Security monitoring: When teams spot unusual traffic patterns on the traffic dashboard, the ability to inspect the actual requests helps them quickly identify and respond to potential security issues.

Wrapping up

The request log is available today for all paid plans. We’ve focused on making it powerful, performant and privacy-conscious, with fine-grained control over what gets logged and how sensitive data is handled.

We’d love to hear your feedback and learn how you’re using it for your applications. Feel free to drop us a line at [email protected].