When API traffic passing through API Proxies in a Gateway Runtime environment needs to be recorded, the destination for the resulting logs is configured with the settings below. The following connectors can be used to send API traffic from Gateway Runtime environments to other environments:
To examine the structure of the data sent to these connectors, see this document.
Figure: Adding Connector to Gateway Runtime Environments
  • Querying and analytical visualization of API traffic in the Apinizer Management Console is only possible when an Elasticsearch Connector has been added to the relevant environment.
  • If multiple Elasticsearch Connectors are defined, the data in the one added first is what can be viewed in the Apinizer Management Console.
  • If no Elasticsearch Connector has ever been added, the following fields/menus are completely disabled:
    • All screens and menus related to Analytics
    • API Proxy’s Trace, API Traffic, and Analytics tabs
    • Anomaly Detector in the Monitor menu
    • Analytics section of Overview in the Management menu
    • OAuth2 policy
    • Log tab in the test console
    • Token Requests in the Audit menu
    • Report creator menu
    • Dashboard and API Traffic in the Portal

Common Fields in Connectors

When creating a connector, some input fields are the same for every connector type. These are the highlighted fields in the image below.
Figure: Common Fields in Connectors
The fields used to configure the common information in connectors are shown in the table below.

| Field | Description |
|---|---|
| Configure API Proxy Traffic Log Setting Detail | When enabled, the fields to be logged can be selected. Size limits can be set for fields that may contain long text. |
| If enabled, all traffic logs of which API proxy is not found or not exists are also exported to target | When enabled, traffic logs for requests where the API Proxy is not found or does not exist are also exported to the target. |
| Configure API Proxy Traffic Privacy Setting | When enabled, data that should not be readable in clear text within log records can be prevented from being displayed as is. This is explained in detail below. |
| If enabled, unsent requests will be sent to failover connector | If the connector is offline or inaccessible, a failover connection can be defined for the log records that could not be sent. |
| Failover Connector Type | Selects the type of the failover connector. |
| Type | Active when the failover type is Database. Selects the database type. |
| Failover Connection | Selects the failover connection, according to the selected failover type. |
| Operation | Active when the failover type is Database. Selects the operation type. |

Configuring API Proxy Traffic Log Setting Details

When the “Configure API Traffic Log Setting Detail” option is enabled, you can customize how API traffic logs will be recorded. Apinizer logs are divided into four different regions according to the traffic flow in the system.

API Traffic Log Regions

Apinizer logs API traffic in these four regions:
  1. Request from Client
  2. Request to Target
  3. Response from Target
  4. Response to Client
When the “Configure API Traffic Log Setting Detail” option is enabled, logging can be customized for each of these regions. By default, logging of fields in all message regions is active. Logged fields can be restricted according to need or based on the resource consumption of the log server.
For production environments, it is recommended to disable logging of elements belonging to the following regions:
  • Request to Target
  • Response from Target
An API Proxy running in a production environment is assumed to have completed all of its policy settings and tests, with no further development to be done. It is therefore recommended not to write header, parameter, and body data for these two regions, so that the data in the database does not grow excessively.
Even if all logging fields are disabled, all log fields are recorded when an error occurs in the request so that the error can be diagnosed. This feature can be turned on and off in the general settings.
Because the data sizes and formats of form-data requests vary, file parts are never logged. Only the other metadata fields are logged.
WebSocket and gRPC requests are kept as data coming into Apinizer and data leaving Apinizer, so API Proxies of these types have only 2 regions.

Log Settings Screen

The log settings screen that appears when the “Configure API Traffic Log Setting Detail” option is enabled is shown below.
Figure: Log Settings Screen
On this screen, you select which fields are logged for each region and set size limits for fields containing long text.

Customizable Log Fields

Fields that can be customized in API traffic log settings are given below. For each field, whether it will be logged or not can be selected, and size limits can be set for fields containing long texts.
| Field | Description |
|---|---|
| Identification Metadata | Records system identification information |
| Request Metadata | Captures request-specific metadata information |
| API Proxy Metadata | Logs metadata information related to the proxy |
| Response Metadata | Records response-specific metadata information |
| Metrics | Captures performance and timing metrics |
| Header from Client | Records all headers received from the client |
| Body from Client | Captures the request body coming from the client |
| Param from Client | Logs parameters received from the client |
| Header to Target | Records headers sent to the backend |
| Body to Target | Captures the request body sent to the backend |
| Param to Target | Logs parameters sent to the backend |
| Sent Address | Records address information for the request |
| Header from Target | Records headers received from the backend |
| Body from Target | Captures the response body coming from the backend |
| Header to Client | Records headers sent to the client |
| Body to Client | Captures the response body sent to the client |

Size Limits

If the fields to be logged may contain long text, size limits can be set for them. This keeps the size of log records under control and makes better use of storage space in the database or log target system. A separate size limit can be set for each field. When the limit is exceeded, the content of the field is either truncated before logging or skipped completely.

Configuring API Proxy Traffic Privacy Settings

Apinizer keeps records of the message traffic (request and response) flowing through it. Sensitive or personal data such as credit card information, passwords, or phone numbers may be present in any part of a message (header, parameter, body). When this data should not be readable in clear text within log records, “API Proxy Traffic Privacy Settings” lets Apinizer apply one of the following operations to the sensitive fields so that they are not displayed as is:
  • Masking: A mask is applied to the field’s value with the * sign.
  • Deletion: The field’s value is deleted while logging.
  • Encryption: The field’s value is encrypted with a salt code generated on an application basis.
  • Hashing: The field’s value is logged by hashing it.
For API Proxy-based log settings, see the API Traffic Log Settings section on the API Proxy Configuration - Settings Tab page.
API Proxy Traffic Privacy Settings only affect how data is stored in the log records kept on Apinizer. They are not related in any way to the data going to the Backend API or the data returning to the Client! You can use policies to process that data.

Applying Privacy Settings

When a log record is created, the “header, parameter, and body” fields of the request and response messages are scanned for the defined element names. For each element name found, the operation defined for that name (masking, deletion, encryption, hashing) is applied.

For an element name to be searched in a request or response body, the body must be XML, JSON, or form data (form-data, x-www-form-urlencoded). In XML or JSON, the “sensitive data element name” value is searched recursively across all element names; in form data, it is searched across all keys. When a match is found, the operation is applied to the element’s value (XML or JSON) or to the value of the matching key (form data). The “-PA” suffix (PA: Privacy Applied) is also appended to the element or key name in the data to indicate that the operation was performed.

For each defined field, “API Proxy Traffic Privacy Settings” scans all of the following:
  • Header, Query Parameter, and Body of Message Coming from Client
  • Header, Query Parameter, and Body of Message Going to Backend
  • Header and Body of Message Returning from Backend
  • Header and Body of Message Returning to Client
As the list of scanned fields shows, API Proxy Traffic Privacy Settings is a costly operation in terms of performance. Logging is done asynchronously, so it does not affect API traffic, but if the feature will be used intensively, the system should be sized with its effect on processor power in mind.
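The scan described in this section, as an added example that is not Apinizer’s own code: it walks a JSON body recursively and the keys of a form body, applies the configured operation, and appends “-PA” to each matched name. The rule set, sample body, salt value, exact-match comparison of names, full-length masking, empty-string deletion, and SHA-256 are assumptions; encryption is left out.

```python
import hashlib
import json
from urllib.parse import parse_qsl, urlencode

# Constructed salt and rules; the real salt is generated and kept by Apinizer.
SALT = b"constructed-demo-salt"
RULES = {"password": "mask", "cardNumber": "hash", "phone": "delete"}

def transform(value, op):
    """Apply one privacy operation to a single value (behaviour assumed)."""
    text = value if isinstance(value, str) else json.dumps(value)
    if op == "mask":
        return "*" * len(text)
    if op == "delete":
        return ""
    if op == "hash":
        return hashlib.sha256(SALT + text.encode()).hexdigest()
    raise ValueError(f"unsupported operation: {op}")

def scrub(node, rules=RULES):
    """Recursively walk parsed JSON, rewriting every matching element name."""
    if isinstance(node, dict):
        out = {}
        for key, val in node.items():
            if key in rules:
                out[key + "-PA"] = transform(val, rules[key])
            else:
                out[key] = scrub(val, rules)
        return out
    if isinstance(node, list):
        return [scrub(item, rules) for item in node]
    return node

def scrub_form(body, rules=RULES):
    """Same rules applied to the keys of an x-www-form-urlencoded body."""
    return urlencode([(k + "-PA", transform(v, rules[k])) if k in rules else (k, v)
                      for k, v in parse_qsl(body, keep_blank_values=True)])

# Constructed sample request body with sensitive fields at three depths.
SAMPLE = {"user": "alice", "password": "hunter2",
          "payment": {"cardNumber": "4111111111111111",
                      "contacts": [{"phone": "5550100"}]}}

if __name__ == "__main__":
    print(json.dumps(scrub(SAMPLE), indent=2))
    print(scrub_form("user=alice&password=hunter2"))
```

Every matched name costs a full traversal of each scanned body, which is where the processor cost mentioned above comes from.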

Definitions Screen

The Activate option must be enabled to activate “API Proxy Traffic Privacy Settings”. The screen that appears when API Proxy Traffic Privacy Settings is activated is shown below.
Figure: API Proxy Traffic Privacy Settings
Pairs of element name and operation (what will be done to that element) are defined and added to the definition list with the Add button. An element name and operation defined here apply to all API Proxies: when a definition is created, it is automatically added to all API Proxies, and when a definition is deleted, the setting is removed from all API Proxies.
If an API Proxy does not exist, all definitions are applied to incoming requests.

What is Salt?

One of the operations in API Proxy Traffic Privacy Settings is hashing. When hashing is selected, the data is passed through a hash algorithm before it is stored so that it cannot be reversed. Hashing is one-way: the original value cannot be retrieved from the hash, and the same hash can only be produced again from the same input. A salt changes the output that the chosen hash algorithm would otherwise produce, which prevents the hashed value from being found by comparison. When API Proxy Traffic Privacy Settings is first activated, Apinizer creates one salt value and hashes data with it. Hashing each value with a different salt may seem more correct, but because it is sometimes necessary to search for a value or to confirm that a value is correct, Apinizer keeps this one salt unchanged and stores it secretly. On the screen, the user can enter a value to produce the same hashed output.
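The trade-off described above, as an added example that is not Apinizer’s own code: one fixed salt keeps hashed log fields searchable by a known value, while a digest computed without the salt matches nothing. SHA-256 over salt followed by value, the field name, and the sample records are assumptions.

```python
import hashlib
import secrets

def salted_hash(value: str, salt: bytes) -> str:
    """SHA-256 over salt || value (algorithm and layout are assumptions)."""
    return hashlib.sha256(salt + value.encode("utf-8")).hexdigest()

def find_records(records, field, candidate, salt):
    """Return the log records whose hashed field matches a known plaintext."""
    needle = salted_hash(candidate, salt)
    return [r for r in records if r.get(field) == needle]

def demo():
    # Constructed stand-in for the single salt created on first activation.
    app_salt = secrets.token_bytes(16)
    # Constructed log records: the same card number was logged twice.
    cards = ["4111111111111111", "5500005555555559", "4111111111111111"]
    records = [{"id": i, "cardNumber-PA": salted_hash(c, app_salt)}
               for i, c in enumerate(cards, start=1)]

    # Fixed salt: equal inputs give equal digests, so search still works.
    hits = [r["id"] for r in find_records(records, "cardNumber-PA",
                                          "4111111111111111", app_salt)]
    # A digest precomputed without the salt matches nothing in the log.
    unsalted = hashlib.sha256(b"4111111111111111").hexdigest()
    table_hits = [r["id"] for r in records if r["cardNumber-PA"] == unsalted]
    # Per-record salts would give two digests for one value, so no search.
    per_record = {salted_hash(cards[0], secrets.token_bytes(16))
                  for _ in range(2)}
    return hits, table_hits, len(per_record)

if __name__ == "__main__":
    print(demo())
```

Because the salt is shared by every record, anyone who obtains it can test guesses for low-entropy values such as phone numbers against the logged digests, so the salt warrants the same protection as a key.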