3.6 Logging [1]¶

Logging plays a vital role in API design and development. Modern middleware platforms, in addition to integrating internal logging mechanisms, can connect to external APIs that allow the collection (log collection), research and production of analytics, useful for the identification of problems and the monitoring of the system and QoS. The use of log collectors allows to centralize not only the logs related to the use of the API, but also those of any other digital services and network components (e.g., Proxies and application-gateways). For non-repudiation purposes, the application messages can be stored together with the digital signature and archived in compliance with the regulations on conservation and privacy. The provider must document in detail the format and methods of information tracking, consulting and retrieving.

Figure 3 - Explanatory diagram of TDH logging process

As part of the TDH022 interoperability, the provider will not track confidential information such as passwords, private keys or authentication tokens in the logs; in addition, it must trace an event for each request containing at least the following minimum parameters:

• Timestamp of the request;
• identification of the user and of the requested operation;
• type of call;
• outcome of the call;
• where applicable, the identification of the Consumer of the API Service or other person operating the request communicated by the User - who will provide for the coding and anonymization, where necessary;
• a unique identifier of the request, useful for any correlations.