This page guides you through the steps of configuring your Spring Boot application to work with Apitally. If you don’t have an account yet, now would be a good time to sign up. Once you’re done with this guide, you will be able to:
  • Analyze requests to your application
  • Keep track of errors, response times and payload sizes
  • Understand how individual API consumers use your application
  • Log and inspect API requests and responses
  • Monitor your application’s uptime and receive alerts when it’s down
  • Set up custom alert rules and get notified when they’re triggered

Create app

To get started, create a new app in the Apitally dashboard and select as your framework. Create app Here you can also configure the environments (e.g. prod and dev) for your app, or simply accept the defaults. Take a note of the client ID displayed after submitting. You will need it in the next step.

Enable Apitally

Add the Apitally SDK to your project’s dependencies. 
<dependency>
  <groupId>io.apitally</groupId>
  <artifactId>apitally</artifactId>
  <version>[0.1.0,)</version>
</dependency>
Next, add the @UseApitally annotation to your Spring Boot application class.
Application.java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

import io.apitally.spring.UseApitally;

@UseApitally
@SpringBootApplication
public class Application {
    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}
Then configure Apitally in your application.yml file and provide the client ID for your app. You’ll find the client ID on the Setup instructions page in the Apitally dashboard, which is displayed immediately after creating the app.
application.yml
apitally:
  client-id: "your-client-id"
  env: "dev" # or "prod" etc.
Deploy your application with these changes, or restart if you're testing locally.
At this point the basic setup for your application is complete and you will start seeing data in the Apitally dashboard. However, you won't be able to analyze API consumers yet.

Identify consumers

To analyze and filter API traffic by consumers, you can associate requests with consumer identifiers in your application. In most cases, use the authenticated identity to identify the consumer. The identifier should be a string, such as a username, email address, or any other unique identifier. Optionally, you can also provide a display name and group for each consumer. To associate requests with consumers, set the apitallyConsumer attribute on the request. You could do this in a filter or interceptor, for example. 
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

public class ConsumerIdentificationFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated()) {
            request.setAttribute("apitallyConsumer", auth.getName());
        }
        chain.doFilter(request, response);
    }
}
Now the Consumers page in the Apitally dashboard shows you information about all consumers that have made requests to your application. You can also filter insights on other the dashboards by consumer and better understand how each of them use your application.

Configure request logging

Logging of individual requests and responses is disabled by default to protect potentially sensitive data. If you enable it, you can configure in detail what parts of the request and response should be logged. You can also mask sensitive information (e.g. in headers) and exclude certain requests from logging. The SDK applies default masking rules for common sensitive headers, query parameters and request/response body fields. Check out the reference page to learn more about the request logging configuration options, and the default masking and exclusion rules. 
apitally:
  client-id: "your-client-id"
  env: "dev" # or "prod" etc.
  request-logging:
    enabled: true
    request-headers-included: true
    request-body-included: true
    response-body-included: true