Details for API Gateway
Logging details for API Gateway logs.
Resources
- API deployment
Log Categories
API value (ID): | Console (Display Name) | Description |
---|---|---|
Access | Access Logs | Access logs for an API deployment. |
Execution | Execution Logs | Execution logs for an API deployment. |
Availability
API Gateway Access/Execution logging is available in all the regions of the commercial realms.
API Deployment Access Log
API deployment access logs record a summary of every request and response that goes through the API gateway, matching a route on the API deployment. Each access log entry contains information about the request and response (time the request was received, server protocol, response status, and so on). For the complete list of fields, see Contents of an Access Log.
Contents of an Access Log
Access logs appear as a value in the Log Data field. This value is JSON-formatted data with the following fields:
Field | Example | Description |
---|---|---|
httpMethod | GET | HTTP method derived from the request line. |
requestUri | /example/ | Request URI derived from the request line. |
serverProtocol | HTTP/1.1 | HTTP protocol derived from the request line. |
bodyBytesSent | 45 | Total size of the response (in bytes) sent to the client. |
gatewayId | ocid1.apigateway.oc1.iad.<unique_ID> | OCID of the API Gateway for the API deployment servicing the request. |
httpUserAgent | Apache-HttpClient/4.5.9 (Java/1.8.0_252) | HTTP user agent for the request. |
message | GET /example/ HTTP/1.1 | Request line received from the client. |
opcRequestId | FF7F0B8A32246FC7526AE45A2FA8D5CE/ A408784281BF81B0EE23596CE57CA93C/ C06F7DDDFC7C505FAA0566D8F2FE0BB2 |
Value of the opc-request-id HTTP header, or an internally generated request ID if none was specified in the request. |
remoteAddr | 138.1.55.172 | IP address of the requesting client. |
httpReferrer | https://www.example.com | The URL of the referral, if present. |
requestDuration | 0.016 | Total time taken (in seconds, with millisecond precision), from when the gateway starts receiving request from the client, until it completes sending a response to the client. |
status | 404 | Status code of the response from the gateway. |
Sample Access Log
{
"httpMethod": "GET",
"requestUri": "/example/",
"serverProtocol": "HTTP/1.1",
"bodyBytesSent": 45,
"gatewayId": "ocid1.apigateway.oc1.iad.<unique_ID>",
"httpUserAgent": "Apache-HttpClient/4.5.9 (Java/1.8.0_252)",
"message": "GET /example/ HTTP/1.1",
"opcRequestId": "FF7F0B8A32246FC7526AE45A2FA8D5CE/A408784281BF81B0EE23596CE57CA93C/C06F7DDDFC7C505FAA0566D8F2FE0BB2",
"remoteAddr": "138.2.05.172",
"requestDuration": 0.016,
"status": 404
}
API Deployment Execution Log
API deployment execution logs record information about processing within the API gateway for an individual route, to help with troubleshooting and monitoring. Each execution log entry contains information (time the request was received, level to denote the severity of the log message, a message code, and so on). For the complete list of fields, see Contents of an Execution Log.
Contents of an Execution Log
By default Log Level info is enabled. This value is JSON-formatted data with the following fields:
Field | Example | Description |
---|---|---|
code | request.loopDetected | Short code for the logging event encountered while running the request. For the complete list of message codes, see the "Log Codes" table Log Codes. |
gatewayId | ocid1.apigateway.oc1.iad.<unique_ID> | API gateway OCID for the API deployment servicing the request. |
functionId | ocid1.fnfunc.oc1.iad.<unique_ID> | OCID of function that the API gateway invoked. This field is only present for function backends. |
level | WARN | Log level for the execution log entry, whether INFO, WARN, or ERROR. |
message | A request loop has been detected - requests for this gateway are being directed back to this gateway. | Execution message emitted while processing the request. |
opcRequestId | FF7F0B8A32246FC7526AE45A2FA8D5CE/ A408784281BF81B0EE23596CE57CA93C/ C06F7DDDFC7C505FAA0566D8F2FE0BB2 |
Value of the opc-request-id HTTP header, or an internally generated request ID if none was specified in the request. |
functionCode | FunctionInvokeSyslogUnavailable | A code provided by OCI Functions to uniquely define the function's error. This field is only present for function backends. |
functionMessage | Syslog endpoint unavailable | A message provided by OCI Functions to describe the function's error. This field is only present for function backends. |
functionStatusCode | 502 | The HTTP status code returned by OCI Functions. This field is only present for function backends. |
configuredLimit | 5 | Number of requests to allow per configuredUnit. Either the rate limit, or the quota. |
configuredUnit | MINUTE | Time period in which to allow the number of requests specified by configuredLimit. For rate limits, "SECOND". For quota, "MINUTE", "DAY", "HOUR", "WEEK", or "MONTH". |
entitlementName | Entitlement1 | Name of the entitlement the request is using to access the API deployment. |
limitingKey | <timestamp>/ocid1.apigatewayusageplan.oc1.iad.<unique_ID>/<entitlement-name>/ocid1.apigatewaysubscriber.oc1.iad.<unique_ID> | To calculate usage for rate limit and quota purposes, requests with the same key are counted together. |
limitingResourceId | ocid1.apigatewayusageplan.oc1.iad.<unique_ID> | OCID of the usage plan used to access the API deployment. |
limitingResourceName | Gold-Usage-Plan | Name of the usage plan used to access the API deployment. |
Log Codes
Log Code | Description | Related Feature |
---|---|---|
httpBackend.timeout | Request to the HTTP backend timed out. | HTTP Backend |
httpBackend.dnsResolutionFailed | Failed to resolve the HTTP backend URL. | |
httpBackend.sslHandshakeFailed | SSL Handshake failed with the HTTP backend. | |
httpBackend.successfulRequest | Successful request to the HTTP backend. | |
httpBackend.responseReceived | Response received from the HTTP backend. | |
httpBackend.requestSent | Request sent to the HTTP backend. | |
functionBackend.successfulRequest | Successful invocation of function in OCI Functions. | OCI Functions Backend |
functionBackend.notFoundOrNotAuthorized | Failed to invoke the function in OCI Functions due to 404 from OCI Functions service. | |
functionBackend.rateLimited | Rate limited when invoking the function in OCI Functions. | |
functionBackend.serviceUnavailable | OCI Functions service unavailable. | |
functionBackend.badGateway | Received "Bad Gateway" when invoking the function in OCI Functions. | |
functionBackend.timeout | Invocation of function in OCI Functionstimed out. | |
functionBackend.internalServiceError | Internal service error when invoking the function in OCI Functions. | |
specification.badVariableReference | The context variable couldn't be resolved. | Incorrect Specification at run-time |
specification.invalidAuthenticationPolicy | Invalid authentication policy. | |
specification.badTransformationPolicy | Bad transformation policy. | |
specification.badHeaderTransformationPolicy | Bad Header Transformation policy. | |
specification.badQueryParameterTransformationPolicy | Bad Query Parameter Transformation policy. | |
request.internalServiceError | Internal service error. | Request processing |
request.loopDetected | A request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle. | |
request.possibleLoopDetected | A possible request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle. | |
request.headersTruncated | Request headers were truncated. | |
request.queryParametersTruncated | Request query parameters were truncated. | |
authorization.unauthorizedRequest | Authorization failed for the request. | Request Authorization |
authorization.scopeCheckFailed | Failed to check the scope for the request. | |
customAuthentication.successfulFunctionInvocation | Successfully invoked the Oracle Function. | Custom Authentication |
customAuthentication.failedFunctionInvocation | Failed to invoke the Oracle Function. | |
customAuthentication.successfulAuthentication | Custom Authentication successful. | |
customAuthentication.authenticationFailed | Custom Authentication failed. | |
customAuthentication.unexpectedResponse | Unexpected response from the Oracle Function. | |
jwtAuthentication.successfulAuthentication | JWT Authentication successful. | JWT Authentication |
jwtAuthentication.authenticationFailed | JWT Authentication failed. | |
jwtAuthentication.badJsonWebKeySet | JSON Web Key Set is not valid. | |
jwtAuthentication.loadingJsonWebKeySet | Loading the JSON Web Key Set. | |
headerTransformation.badHeaderValue | Bad value for request header. | Header Transformation |
headerTransformation.protectedHeaderTransformed | The policy tried to transform a protected header. | |
headerTransformation.protectedElementTransformed | The policy tried to transform a protected element. | |
headerTransformation.missingSetValues | Missing value for the set transform policy. | |
queryParameterTransformation.badParameterValue | Bad value for request query parameter. | Query Parameter Transformation |
queryParameterTransformation.protectedElementTransformed | The policy tried to transform a protected element. | |
queryParameterTransformation.missingSetValues | Missing value for the set transform policy. | |
requestValidation.validationError | Request failed a validation policy. | Request Validation |
usagePlans.requestPermitted | Request from a usage plan subscriber was allowed. | Usage Plans |
usagePlans.requestRejected | Request from a usage plan subscriber was rejected. | |
usagePlans.requestBreachedButAllowed | The request was allowed, even though the maximum number of requests specified by a usage plan entitlement was exceeded. | |
usagePlans.eligibleNotEntitled | The API deployment is not the target of an entitlement in any usage plan, even though the API deployment specification includes a usage plan request policy that specifies a client token. | |
dynamicRouting.backendMatched | The request matched a back end rule, and was routed to the associated back end. | Dynamic Back End Routing |
dynamicRouting.backendRejected | The request failed because the request did not match a back end rule, and no default rule was defined. | |
dynamicRouting.defaultBackendMatched | The request did not match a back end rule, and so was routed to the back end associated with the default rule. | |
dynamicAuthentication.defaultAuthenticationServerMatched | The selected context variable value did not match any of the authentication server rules, but a default authentication server had been specified so that was used for authentication. | Dynamic Authentication Server Selection |
dynamicAuthentication.authenticationServerMatched | The selected context variable value matched one of the authentication server rules. | |
dynamicAuthentication.noAuthenticationServerMatched | The selected context variable value did not match any of the authentication server rules, and no default authentication server had been specified. | |
dynamicAuthentication.jwtTokenNotFound | The selected context variable was request.auth[claimName] but no JWT token was sent with the request. | |
dynamicAuthentication.jwtTokenInvalid | The selected context variable was request.auth[claimName] but an invalid JWT token was sent with the request. | |
authentication.validationFailurePolicyInvalid | The validation failure policy is not a defined type. | Request-based Authentication |
Sample Execution Logs
- Type: Request
- Scenario: Request Loop Detected
- Description: A request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle.
- Example:
{ "code": "request.loopDetected", "gatewayId": "ocid1.apigateway.oc1.iad.<unique_ID>", "level": "WARN", "message": "A request loop has been detected - requests for this gateway are being directed back to this gateway.", "opcRequestId": "FF7F0B8A32246FC7526AE45A2FA8D5CE/A408784281BF81B0EE23596CE57CA93C/C06F7DDDFC7C505FAA0566D8F2FE0BB2", }