Helix Framework Documentation

Example

Logging HTTP

Demonstrates how to enable and configure Helix HTTP request and response logging. Shows header and query-parameter exclusion, response-header exclusion, and value redaction via helix-logstash.
Group
REST API
Path
examples/rest-api/logging-http
Source README

Overview

Helix Spring Boot web service that shows how to enable and configure HTTP request and response logging, exclude

selected headers and query parameters, and redact sensitive values in the emitted log output.

Run this example from the shared examples build:

Run

Run this example from the shared examples build


./gradlew -p examples runExample -Pexample=rest-api/logging-http --init-script "$(pwd)/helix.init.gradle"

What It Shows

  • the Helix API starter baseline
  • enabling the built-in HTTP request/response logging filter with helix.filter.httplogging.enabled=true
  • scoping HTTP logging to selected paths with helix.filter.httplogging.url-patterns
  • including normal request and response headers in log output by default
  • excluding sensitive request headers, response headers, and query parameters from the HTTP log output
  • using helix-logstash masking so sensitive values inside the emitted log message are redacted

Endpoints

  • GET /v1/logging-http/debug
  • POST /v1/logging-http/orders
  • GET /liveness
  • GET /health

Example success response

{
  "orderId": "order-audit-100",
  "customerName": "Taylor Example",
  "channel": "web",
  "visibleRequestHeader": "client-123",
  "visibleResponseHeader": "audit",
  "creditCardNumber": "4111 1111 1111 1111",
  "taxId": "123-45-6789",
  "note": "Charge card 4111 1111 1111 1111 and verify tax id 123-45-6789"
}

Example HTTP log output

{
  "message": "{\"type\": \"REQUEST\", \"method\": \"POST\", \"url\": \"/v1/logging-http/orders\", \"queryParams\": {\"channel\":[\"web\"]}, \"headers\": {\"X-Client-Id\":[\"client-123\"]}, \"body\": \"{\\\"customerName\\\":\\\"Taylor Example\\\",\\\"creditCardNumber\\\":\\\"*****1111\\\",\\\"taxId\\\":\\\"*****6789\\\",\\\"note\\\":\\\"Charge card *****1111 and verify tax id *****6789\\\"}\", \"remoteAddress\": \"127.0.0.1\"}"
}

Development

Building the Application

Run the following command to build the service:

Command

Building the Application


./gradlew clean build

Testing the Application

Run the following command to run the service tests:

Command

Testing the Application


./gradlew test
./gradlew integration

Trying the API

Run the service:

Then try:

What to look for in the logs:

  • X-Client-Id is present because normal headers are included by default - Authorization, Cookie, and X-Excluded-Request-Header are omitted because the HTTP logging filter excludes them - sessionToken is omitted because query-parameter exclusion is configured - X-Log-Mode is present on the response log line - Set-Cookie and X-Hidden-Response-Header are omitted from the response log line - the credit card number and tax ID inside the logged request and response bodies are redacted by helix-logstash

Command

Trying the API


./gradlew bootRun

Command

Trying the API


curl http://localhost:8080/v1/logging-http/debug

curl -i -X POST "http://localhost:8080/v1/logging-http/orders?channel=web&sessionToken=should-not-be-logged" \
  -H "Content-Type: application/json" \
  -H "X-Client-Id: client-123" \
  -H "Authorization: Bearer super-secret-token" \
  -H "X-Excluded-Request-Header: should-not-appear" \
  -d '{
    "customerName": "Taylor Example",
    "creditCardNumber": "4111 1111 1111 1111",
    "taxId": "123-45-6789",
    "note": "Charge card 4111 1111 1111 1111 and verify tax id 123-45-6789"
  }'