Skip to main content
The Apitally Serverless SDK captures details about each request and response handled by your application. To protect sensitive data and reduce noise, the SDK provides mechanisms for masking data and filtering out requests you don’t want to log.

Default masking and exclusion

The SDK automatically masks common sensitive query parameters, headers, and request/response body fields based on built-in patterns. For example, fields named password, token, secret, or headers like Authorization are masked by default. To reduce noise, the SDK also automatically excludes common static assets and health check endpoints, such as /robots.txt or /healthz. See the data privacy page for complete lists of default masking and exclusion patterns.

Mask sensitive data

You can extend the default masking rules by providing additional regular expressions via the maskHeaders and maskBodyFields parameters. Patterns match anywhere within the name. Use ^ and $ anchors for exact matches, and the i flag for case-insensitive matching.
Configuration example
import { Hono } from "hono";
import { useApitally } from "@apitally/serverless/hono";

const app = new Hono();

useApitally(app, {
  logRequestHeaders: true,
  logRequestBody: true,
  logResponseBody: true,
  // Mask specific headers and body fields
  maskHeaders: [/^X-Custom-Key$/i, /^X-Internal-/i],
  maskBodyFields: [/^credit_card$/i, /social_security/i],
});

Exclude requests

You can exclude requests from logging using path patterns (regular expressions) via the excludePaths parameter. Like the masking patterns, these match anywhere within the request path. Use ^ and $ anchors for exact matches, and the i flag for case-insensitive matching.
Configuration example
import { Hono } from "hono";
import { useApitally } from "@apitally/serverless/hono";

const app = new Hono();

useApitally(app, {
  // Exclude paths matching certain patterns
  excludePaths: [/\/admin\//i, /\/internal\//i],
});
Excluded requests won’t be logged, but are still counted in metrics. To exclude endpoints from metrics, you can mark them as excluded in the dashboard.