Parameters

The following parameters apply for all integrations.

ParameterDescriptionTypeDefault
clientIdClient ID for your application. Find it on the Setup instructions page for your app.string
envName of the environment, e.g. prod or dev. The environment will be automatically created if it doesn’t exist.stringdev
requestLoggingConfiguration options for request logging. See table below.object
appVersionThe current version of your application, e.g. 1.0.0.string
loggerA custom logger instance. If not provided, a default logger is created automatically.object

Request logging config

The following are the keys of the requestLogging object.

ParameterDescriptionTypeDefault
enabledWhether request logging is enabled.booleanfalse
logQueryParamsWhether to include query parameters in the logs. If disabled, these will be stripped from the request URLs logged.booleantrue
logRequestHeadersWhether to include request headers in the logs. Default masking for common sensitive headers (e.g. Authorization) applies.booleanfalse
logRequestBodyWhether to include the request body in the logs. Only JSON and text are supported, up to 50 KB.booleanfalse
logResponseHeadersWhether to include response headers in the logs.booleantrue
logResponseBodyWhether to include the response body in the logs. Only JSON and text are supported, up to 50 KB.booleanfalse
logExceptionWhether to include exception details in the logs.booleantrue
maskQueryParamsArray of regular expressions for matching query parameters to mask. These are in addition to the default masking patterns.RegExp[][]
maskHeadersArray of regular expressions for matching headers to mask. These are in addition to the default masking patterns.RegExp[][]
maskBodyFieldsArray of regular expressions for matching request/response body fields to mask. These are in addition to the default masking patterns.RegExp[][]
maskRequestBodyCallbackCallback function for masking the request body. Takes one parameter request and returns the request body as Buffer or null.Function-
maskResponseBodyCallbackCallback function for masking the response body. Takes two parameters request and response and returns the response body as Buffer or null.Function-
excludePathsArray of regular expressions for matching paths to exclude from logging.RegExp[][]
excludeCallbackCallback function for excluding requests from logging. Takes two parameters request and response and returns true, if the request should be excluded, or false otherwise.Function-

Request object

Below are the properties of the request objects that are passed to the user-provided callback functions.

PropertyDescriptionType
timestampUnix timestamp of the request.number
consumerIdentifier of the consumer making the request.string
methodHTTP method of the request.string
pathPath of the request.string
urlFull URL of the request.string
headersArray of key-value pairs representing the request headers.[string, string][]
sizeSize of the request body in bytes.number
bodyRaw request body as bytes.Buffer

Response object

Below are the properties of the response objects that are passed to some of the user-provided callback functions.

PropertyDescriptionType
statusCodeHTTP status code of the response.number
responseTimeTime taken to respond to the request in seconds.number
headersArray of key-value pairs representing the response headers.[string, string][]
sizeSize of the response body in bytes.number
bodyRaw response body as bytes.Buffer

Default masking

The below regular expressions are used to mask sensitive query parameters, headers and request/response body fields.

// Query parameters
const MASK_QUERY_PARAM_PATTERNS = [
  /auth/i,
  /api-?key/i,
  /secret/i,
  /token/i,
  /password/i,
  /pwd/i,
];

// Headers
const MASK_HEADER_PATTERNS = [
  /auth/i,
  /api-?key/i,
  /secret/i,
  /token/i,
  /cookie/i,
];

// Request/response body fields
const MASK_BODY_FIELD_PATTERNS = [
  /password/i,
  /pwd/i,
  /token/i,
  /secret/i,
  /auth/i,
  /card[-_ ]?number/i,
  /ccv/i,
  /ssn/i,
];

Default exclusions

The below regular expressions are used to exclude common health check endpoints from logging. They are applied to the request path.

// Common paths of health check endpoints
const EXCLUDE_PATH_PATTERNS = [
  /\/_?healthz?$/,
  /\/_?health[_-]?checks?$/,
  /\/_?heart[_-]?beats?$/,
  /\/ping$/,
  /\/ready$/,
  /\/live$/,
];