Configuration options

The following parameters apply when configuring Apitally options for your ASP.NET Core application.

ParameterDescriptionType
ClientIdClient ID for your application. Find it on the Setup instructions page for your app.string
EnvName of the environment, e.g. prod or dev. The environment will be automatically created in Apitally if it doesn’t exist.string
RequestLoggingConfiguration for request logging. See table below.RequestLoggingOptions

Request logging options

The following are the properties of the RequestLoggingOptions class.

ParameterDescriptionTypeDefault
EnabledWhether request logging is enabled.boolfalse
IncludeQueryParamsWhether to include query parameters in the logs. If disabled these will be stripped from the request URLs logged.booltrue
IncludeRequestHeadersWhether to include request headers in the logs. Default masking for common sensitive headers (e.g. Authorization) applies.boolfalse
IncludeRequestBodyWhether to include the request body in the logs. Only JSON and text are supported, up to 50 KB.boolfalse
IncludeResponseHeadersWhether to include response headers in the logs.booltrue
IncludeResponseBodyWhether to include the response body in the logs. Only JSON and text are supported, up to 50 KB.boolfalse
QueryParamMaskPatternsList of regular expression patterns for matching query parameter names that should be masked.List<string>[]
HeaderMaskPatternsList of regular expression patterns for matching header names that should be masked.List<string>[]
PathExcludePatternsList of regular expression patterns for matching paths to exclude from logging.List<string>[]
MaskRequestBodyFunction to mask sensitive data in the request body. Return null to mask the whole body.Func<Request, byte[]?>-
MaskResponseBodyFunction to mask sensitive data in the response body. Return null to mask the whole body.Func<Request, Response, byte[]?>-
ShouldExcludeFunction to determine whether a request should be excluded from logging. Return true to exclude the request.Func<Request, Response, bool>-

Request object

Below are the properties of the Request objects that are passed to the user-provided callback functions.

PropertyDescriptionType
TimestampUnix timestamp of the request.long
ConsumerIdentifier of the consumer making the request.string
MethodHTTP method of the request.string
PathPath of the request.string
UrlFull URL of the request.string
HeadersArray of key-value pairs representing the request headers.Header[]
SizeSize of the request body in bytes.int
BodyRaw request body as bytes.byte[]

Response object

Below are the properties of the Response objects that are passed to some of the user-provided callback functions.

PropertyDescriptionType
StatusCodeHTTP status code of the response.int
ResponseTimeTime taken to respond to the request in seconds.double
HeadersArray of key-value pairs representing the response headers.Header[]
SizeSize of the response body in bytes.int
BodyRaw response body as bytes.byte[]

Default masking

The below regular expressions are used to mask sensitive query parameters and headers.

// Query parameters
private static readonly string[] MaskQueryParamPatterns =
[
    @"auth",
    @"api-?key",
    @"secret",
    @"token",
    @"password",
    @"pwd"
];

// Headers
private static readonly string[] MaskHeaderPatterns =
[
    @"auth",
    @"api-?key",
    @"secret",
    @"token",
    @"cookie"
];

Default exclusions

The below regular expressions are used to exclude common health check endpoints from logging. They are applied to the request path.

// Common paths of health check endpoints
private static readonly string[] ExcludePathPatterns =
[
    @"\/_?healthz?$",
    @"\/_?health[_-]?checks?$",
    @"\/_?heart[_-]?beats?$",
    @"\/ping$",
    @"\/ready$",
    @"\/live$"
];