Skip to main content

Configuration options

The following parameters apply when configuring Apitally options for your ASP.NET Core application.
ParameterDescriptionType
ClientIdClient ID for your application. Find it on the Setup instructions page for your app.string
EnvName of the environment, e.g. prod or dev. The environment will be automatically created if it doesn’t exist.string
RequestLoggingConfiguration for request logging. See table below.RequestLoggingOptions

Request logging options

The following are the properties of the RequestLoggingOptions class.
ParameterDescriptionTypeDefault
EnabledWhether request logging is enabled.boolfalse
IncludeQueryParamsWhether to include query parameters in the logs. If disabled, these will be stripped from the request URLs logged.booltrue
IncludeRequestHeadersWhether to include request headers in the logs. Default masking for common sensitive headers (e.g. Authorization) applies.boolfalse
IncludeRequestBodyWhether to include the request body in the logs. Only JSON and text are supported, up to 50 KB.boolfalse
IncludeResponseHeadersWhether to include response headers in the logs.booltrue
IncludeResponseBodyWhether to include the response body in the logs. Only JSON and text are supported, up to 50 KB.boolfalse
IncludeExceptionWhether to include exception details in the logs.booltrue
CaptureLogsWhether to capture application logs emitted during request handling.boolfalse
QueryParamMaskPatternsList of regular expressions for matching query parameters to mask. These are in addition to the default masking patterns.List<string>[]
HeaderMaskPatternsList of regular expressions for matching headers to mask. These are in addition to the default masking patterns.List<string>[]
BodyFieldMaskPatternsList of regular expressions for matching request/response body fields to mask. These are in addition to the default masking patterns.List<string>[]
PathExcludePatternsList of regular expressions for matching paths to exclude from logging.List<string>[]
MaskRequestBodyFunction to mask sensitive data in the request body. Return null to mask the whole body.Func<Request, byte[]?>-
MaskResponseBodyFunction to mask sensitive data in the response body. Return null to mask the whole body.Func<Request, Response, byte[]?>-
ShouldExcludeFunction to determine whether a request should be excluded from logging. Return true to exclude the request.Func<Request, Response, bool>-

Request object

Below are the properties of the Request objects that are passed to the user-provided callback functions.
PropertyDescriptionType
TimestampUnix timestamp of the request.long
ConsumerIdentifier of the consumer making the request.string
MethodHTTP method of the request.string
PathPath of the request.string
UrlFull URL of the request.string
HeadersArray of key-value pairs representing the request headers.Header[]
SizeSize of the request body in bytes.int
BodyRaw request body as bytes.byte[]

Response object

Below are the properties of the Response objects that are passed to some of the user-provided callback functions.
PropertyDescriptionType
StatusCodeHTTP status code of the response.int
ResponseTimeTime taken to respond to the request in seconds.double
HeadersArray of key-value pairs representing the response headers.Header[]
SizeSize of the response body in bytes.int
BodyRaw response body as bytes.byte[]

Default masking

The below regular expressions are used to mask sensitive query parameters, headers and request/response body fields. 
// Query parameters
private static readonly string[] MaskQueryParamPatterns =
[
    @"auth",
    @"api-?key",
    @"secret",
    @"token",
    @"password",
    @"pwd"
];

// Headers
private static readonly string[] MaskHeaderPatterns =
[
    @"auth",
    @"api-?key",
    @"secret",
    @"token",
    @"cookie"
];

// Request/response body fields
private static readonly string[] MaskBodyFieldPatterns =
[
    @"password",
    @"pwd",
    @"token",
    @"secret",
    @"auth",
    @"card[-_ ]?number",
    @"ccv",
    @"ssn"
];

Default exclusions

The below regular expressions are used to exclude common health check endpoints from logging. They are applied to the request path. 
// Common paths of health check endpoints
private static readonly string[] ExcludePathPatterns =
[
    @"\/_?healthz?$",
    @"\/_?health[_-]?checks?$",
    @"\/_?heart[_-]?beats?$",
    @"\/ping$",
    @"\/ready$",
    @"\/live$"
];
I