Details for API Gateway

Logging details for API Gateway logs.

Resources

  • API deployment

Log Categories

API value (ID): Console (Display Name) Description
Access Access Logs Access logs for an API deployment.
Execution Execution Logs Execution logs for an API deployment.

Availability

API Gateway Access/Execution logging is available in all the regions of the commercial realms.

API Deployment Access Log

API deployment access logs record a summary of every request and response that goes through the API gateway, matching a route on the API deployment. Each access log entry contains information about the request and response (time the request was received, server protocol, response status, and so on). For the complete list of fields, see Contents of an Access Log.

Contents of an Access Log

Access logs appear as a value in the Log Data field. This value is JSON-formatted data with the following fields:

Field Example Description
httpMethod GET HTTP method derived from the request line.
requestUri /example/ Request URI derived from the request line.
serverProtocol HTTP/1.1 HTTP protocol derived from the request line.
bodyBytesSent 45 Total size of the response (in bytes) sent to the client.
gatewayId ocid1.apigateway.oc1.iad.<unique_ID> OCID of the API Gateway for the API deployment servicing the request.
httpUserAgent Apache-HttpClient/4.5.9 (Java/1.8.0_252) HTTP user agent for the request.
message GET /example/ HTTP/1.1 Request line received from the client.
opcRequestId FF7F0B8A32246FC7526AE45A2FA8D5CE/

A408784281BF81B0EE23596CE57CA93C/

C06F7DDDFC7C505FAA0566D8F2FE0BB2

Value of the opc-request-id HTTP header, or an internally generated request ID if none was specified in the request.
remoteAddr 138.1.55.172 IP address of the requesting client.
httpReferrer https://www.example.com The URL of the referral, if present.
requestDuration 0.016 Total time taken (in seconds, with millisecond precision), from when the gateway starts receiving request from the client, until it completes sending a response to the client.
status 404 Status code of the response from the gateway.

Sample Access Log

{
    "httpMethod": "GET",
    "requestUri": "/example/",
    "serverProtocol": "HTTP/1.1",
    "bodyBytesSent": 45,
    "gatewayId": "ocid1.apigateway.oc1.iad.<unique_ID>",
    "httpUserAgent": "Apache-HttpClient/4.5.9 (Java/1.8.0_252)",
    "message": "GET /example/ HTTP/1.1",
    "opcRequestId": "FF7F0B8A32246FC7526AE45A2FA8D5CE/A408784281BF81B0EE23596CE57CA93C/C06F7DDDFC7C505FAA0566D8F2FE0BB2",
    "remoteAddr": "138.2.05.172",
    "requestDuration": 0.016,
    "status": 404
  }

API Deployment Execution Log

API deployment execution logs record information about processing within the API gateway for an individual route, to help with troubleshooting and monitoring. Each execution log entry contains information (time the request was received, level to denote the severity of the log message, a message code, and so on). For the complete list of fields, see Contents of an Execution Log.

Contents of an Execution Log

By default Log Level info is enabled. This value is JSON-formatted data with the following fields:

Field Example Description
code request.loopDetected Short code for the logging event encountered while running the request. For the complete list of message codes, see the "Log Codes" table Log Codes.
gatewayId ocid1.apigateway.oc1.iad.<unique_ID> API gateway OCID for the API deployment servicing the request.
functionId ocid1.fnfunc.oc1.iad.<unique_ID> OCID of function that the API gateway invoked. This field is only present for function backends.
level WARN Log level for the execution log entry, whether INFO, WARN, or ERROR.
message A request loop has been detected - requests for this gateway are being directed back to this gateway. Execution message emitted while processing the request.
opcRequestId FF7F0B8A32246FC7526AE45A2FA8D5CE/

A408784281BF81B0EE23596CE57CA93C/

C06F7DDDFC7C505FAA0566D8F2FE0BB2

Value of the opc-request-id HTTP header, or an internally generated request ID if none was specified in the request.
functionCode FunctionInvokeSyslogUnavailable A code provided by OCI Functions to uniquely define the function's error. This field is only present for function backends.
functionMessage Syslog endpoint unavailable A message provided by OCI Functions to describe the function's error. This field is only present for function backends.
functionStatusCode 502 The HTTP status code returned by OCI Functions. This field is only present for function backends.
configuredLimit 5 Number of requests to allow per configuredUnit. Either the rate limit, or the quota.
configuredUnit MINUTE Time period in which to allow the number of requests specified by configuredLimit. For rate limits, "SECOND". For quota, "MINUTE", "DAY", "HOUR", "WEEK", or "MONTH".
entitlementName Entitlement1 Name of the entitlement the request is using to access the API deployment.
limitingKey <timestamp>/ocid1.apigatewayusageplan.oc1.iad.<unique_ID>/<entitlement-name>/ocid1.apigatewaysubscriber.oc1.iad.<unique_ID> To calculate usage for rate limit and quota purposes, requests with the same key are counted together.
limitingResourceId ocid1.apigatewayusageplan.oc1.iad.<unique_ID> OCID of the usage plan used to access the API deployment.
limitingResourceName Gold-Usage-Plan Name of the usage plan used to access the API deployment.

Log Codes

Log Code Description Related Feature
httpBackend.timeout Request to the HTTP backend timed out. HTTP Backend
httpBackend.dnsResolutionFailed Failed to resolve the HTTP backend URL.
httpBackend.sslHandshakeFailed SSL Handshake failed with the HTTP backend.
httpBackend.successfulRequest Successful request to the HTTP backend.
httpBackend.responseReceived Response received from the HTTP backend.
httpBackend.requestSent Request sent to the HTTP backend.
functionBackend.successfulRequest Successful invocation of function in OCI Functions. OCI Functions Backend
functionBackend.notFoundOrNotAuthorized Failed to invoke the function in OCI Functions due to 404 from OCI Functions service.
functionBackend.rateLimited Rate limited when invoking the function in OCI Functions.
functionBackend.serviceUnavailable OCI Functions service unavailable.
functionBackend.badGateway Received "Bad Gateway" when invoking the function in OCI Functions.
functionBackend.timeout Invocation of function in OCI Functionstimed out.
functionBackend.internalServiceError Internal service error when invoking the function in OCI Functions.
specification.badVariableReference The context variable couldn't be resolved. Incorrect Specification at run-time
specification.invalidAuthenticationPolicy Invalid authentication policy.
specification.badTransformationPolicy Bad transformation policy.
specification.badHeaderTransformationPolicy Bad Header Transformation policy.
specification.badQueryParameterTransformationPolicy Bad Query Parameter Transformation policy.
request.internalServiceError Internal service error. Request processing
request.loopDetected A request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle.
request.possibleLoopDetected A possible request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle.
request.headersTruncated Request headers were truncated.
request.queryParametersTruncated Request query parameters were truncated.
authorization.unauthorizedRequest Authorization failed for the request. Request Authorization
authorization.scopeCheckFailed Failed to check the scope for the request.
customAuthentication.successfulFunctionInvocation Successfully invoked the Oracle Function. Custom Authentication
customAuthentication.failedFunctionInvocation Failed to invoke the Oracle Function.
customAuthentication.successfulAuthentication Custom Authentication successful.
customAuthentication.authenticationFailed Custom Authentication failed.
customAuthentication.unexpectedResponse Unexpected response from the Oracle Function.
jwtAuthentication.successfulAuthentication JWT Authentication successful. JWT Authentication
jwtAuthentication.authenticationFailed JWT Authentication failed.
jwtAuthentication.badJsonWebKeySet JSON Web Key Set is not valid.
jwtAuthentication.loadingJsonWebKeySet Loading the JSON Web Key Set.
headerTransformation.badHeaderValue Bad value for request header. Header Transformation
headerTransformation.protectedHeaderTransformed The policy tried to transform a protected header.
headerTransformation.protectedElementTransformed The policy tried to transform a protected element.
headerTransformation.missingSetValues Missing value for the set transform policy.
queryParameterTransformation.badParameterValue Bad value for request query parameter. Query Parameter Transformation
queryParameterTransformation.protectedElementTransformed The policy tried to transform a protected element.
queryParameterTransformation.missingSetValues Missing value for the set transform policy.
requestValidation.validationError Request failed a validation policy. Request Validation
usagePlans.requestPermitted Request from a usage plan subscriber was allowed. Usage Plans
usagePlans.requestRejected Request from a usage plan subscriber was rejected.
usagePlans.requestBreachedButAllowed The request was allowed, even though the maximum number of requests specified by a usage plan entitlement was exceeded.
usagePlans.eligibleNotEntitled The API deployment is not the target of an entitlement in any usage plan, even though the API deployment specification includes a usage plan request policy that specifies a client token.
dynamicRouting.backendMatched The request matched a back end rule, and was routed to the associated back end. Dynamic Back End Routing
dynamicRouting.backendRejected The request failed because the request did not match a back end rule, and no default rule was defined.
dynamicRouting.defaultBackendMatched The request did not match a back end rule, and so was routed to the back end associated with the default rule.
dynamicAuthentication.defaultAuthenticationServerMatched The selected context variable value did not match any of the authentication server rules, but a default authentication server had been specified so that was used for authentication. Dynamic Authentication Server Selection
dynamicAuthentication.authenticationServerMatched The selected context variable value matched one of the authentication server rules.
dynamicAuthentication.noAuthenticationServerMatched The selected context variable value did not match any of the authentication server rules, and no default authentication server had been specified.
dynamicAuthentication.jwtTokenNotFound The selected context variable was request.auth[claimName] but no JWT token was sent with the request.
dynamicAuthentication.jwtTokenInvalid The selected context variable was request.auth[claimName] but an invalid JWT token was sent with the request.
authentication.validationFailurePolicyInvalid The validation failure policy is not a defined type. Request-based Authentication

Sample Execution Logs

  • Type: Request
  • Scenario: Request Loop Detected
  • Description: A request loop condition has been detected, whereby requests for the gateway are being redirected to itself creating a cycle.
  • Example:
    {
        "code": "request.loopDetected",
        "gatewayId": "ocid1.apigateway.oc1.iad.<unique_ID>",
        "level": "WARN",
        "message": "A request loop has been detected - requests for this gateway are being directed back to this gateway.",
        "opcRequestId": "FF7F0B8A32246FC7526AE45A2FA8D5CE/A408784281BF81B0EE23596CE57CA93C/C06F7DDDFC7C505FAA0566D8F2FE0BB2",
     }