Middleware

The following parameters apply when adding the Apitally middleware to your application.

| Parameter | Description | Type |
| --- | --- | --- |
| client_id | Required. Client ID for your application. Find it on the Setup instructions page for your app. | string |
| env | Name of the environment, e.g. prod or dev. The environment will be automatically created in Apitally if it doesn’t exist. Defaults to dev. | string |
| openapi_url | Path to the API endpoint providing the OpenAPI specification, e.g. /openapi.json. Pre-configured for FastAPI. | string |
| app_version | The current version of your application, e.g. 1.0.0. | string |
| proxy | HTTP proxy to use for sending data to Apitally Hub. Useful in environments with no direct internet connectivity. | string |

Request logging config

The following are the parameters of the RequestLoggingConfig dataclass.

| Parameter | Description | Type | Default |
| --- | --- | --- | --- |
| enabled | Whether request logging is enabled. | bool | False |
| log_query_params | Whether to include query parameters in the logs. If disabled, these will be stripped from the request URLs logged. | bool | True |
| log_request_headers | Whether to include request headers in the logs. Default masking for common sensitive headers (e.g. Authorization) applies. | bool | False |
| log_request_body | Whether to include the request body in the logs. Only JSON and text are supported, up to 50 KB. | bool | False |
| log_response_headers | Whether to include response headers in the logs. | bool | True |
| log_response_body | Whether to include the response body in the logs. Only JSON and text are supported, up to 50 KB. | bool | False |
| mask_query_params | List of regular expressions for matching query parameter names that should be masked. | list[str] | [] |
| mask_headers | List of regular expressions for matching header names that should be masked. | list[str] | [] |
| mask_request_body_callback | Callback function for masking the request body. Takes one parameter request and returns the request body as bytes or None. | Callable | None |
| mask_response_body_callback | Callback function for masking the response body. Takes two parameters request and response and returns the response body as bytes or None. | Callable | None |
| exclude_paths | List of regular expressions for matching paths to exclude from logging. | list[str] | [] |
| exclude_callback | Callback function for excluding requests from logging. Takes two parameters request and response and returns True if the request should be excluded, or False otherwise. | Callable | None |

Request dict

Below are the keys of the request dicts that are passed to the user-provided callback functions.

| Key | Description | Type |
| --- | --- | --- |
| timestamp | Unix timestamp of the request. | float |
| method | HTTP method of the request. | str |
| path | Path of the request. | str |
| url | Full URL of the request. | str |
| headers | Array of key-value pairs representing the request headers. | list[tuple[str, str]] |
| size | Size of the request body in bytes. | int |
| consumer | Identifier of the consumer making the request. | str |
| body | Raw request body. | bytes |

Response dict

Below are the keys of the response dicts that are passed to some of the user-provided callback functions.

| Key | Description | Type |
| --- | --- | --- |
| status_code | HTTP status code of the response. | int |
| response_time | Time taken to respond to the request in seconds. | float |
| headers | Array of key-value pairs representing the response headers. | list[tuple[str, str]] |
| size | Size of the response body in bytes. | int |
| body | Raw response body. | bytes |

Default masking

The regular expressions below are used to mask sensitive query parameters and headers.

# Query parameters
MASK_QUERY_PARAM_PATTERNS = [
    r"auth",
    r"api-?key",
    r"secret",
    r"token",
    r"password",
    r"pwd",
]
# Headers
MASK_HEADER_PATTERNS = [
    r"auth",
    r"api-?key",
    r"secret",
    r"token",
    r"cookie",
]
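
The default patterns above cover query parameters and headers only; bodies are masked through the two callbacks. The following is an added example, not code from Apitally, of callbacks that redact sensitive fields in JSON bodies using the request and response dict keys documented above. The names SENSITIVE_KEY, MASKED, redact and mask_json are hypothetical, and it assumes that returning None keeps the raw body out of the log.

```python
import json
import re
from typing import Any, Optional

# Constructed pattern: the page's default query-parameter patterns, with "_"
# also allowed in "api_key" because JSON field names often use underscores.
SENSITIVE_KEY = re.compile(r"auth|api[-_]?key|secret|token|password|pwd", re.I)
MASKED = "******"  # constructed placeholder value


def redact(value: Any) -> Any:
    """Recursively mask values whose field name matches SENSITIVE_KEY."""
    if isinstance(value, dict):
        return {k: MASKED if SENSITIVE_KEY.search(str(k)) else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def mask_json(headers: list, body: Optional[bytes]) -> Optional[bytes]:
    """Return a redacted JSON body, or None when it cannot be parsed safely."""
    if not body:
        return body
    ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
    if ctype.split(";")[0].strip().lower() != "application/json":
        # Fail closed (assumption: None keeps the raw body out of the log).
        return None
    try:
        parsed = json.loads(body)
    except ValueError:  # malformed JSON or invalid UTF-8
        return None
    return json.dumps(redact(parsed)).encode()


def mask_request_body(request: dict) -> Optional[bytes]:
    # One parameter, as documented for mask_request_body_callback.
    return mask_json(request["headers"], request.get("body"))


def mask_response_body(request: dict, response: dict) -> Optional[bytes]:
    # Two parameters, as documented for mask_response_body_callback.
    return mask_json(response["headers"], response.get("body"))
```

Pass the two functions as mask_request_body_callback and mask_response_body_callback in RequestLoggingConfig, with log_request_body and log_response_body enabled.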

Default exclusions

The regular expressions below are used to exclude common health check endpoints from logging. They are applied to the request path.

# Common paths of health check endpoints
EXCLUDE_PATH_PATTERNS = [
    r"/_?healthz?$",
    r"/_?health[_-]?checks?$",
    r"/_?heart[_-]?beats?$",
    r"/ping$",
    r"/ready$",
    r"/live$",
]