Logging API traffic

Last updated: 2 minutes read.

Tyk Gateway can be configured to generate a record of every request made to APIs deployed on the gateway and the response sent back to the originating client. The details of these transactions will be stored in the Redis storage, from which they can be transferred to persistent storage using Tyk Pump. In Tyk these transaction logs are also referred to as traffic analytics or simply analytics.

When to enable traffic analytics logging

Monitoring the usage of your APIs is a key functionality provided by any API Management product. Traffic analytics give you visibility of specific and aggregated accesses to your services which you can monitor trends over time. You can identify popular and underused services which can assist with, for example, determining the demand profile for your services and thus appropriate sizing of the upstream capacity.

Security monitoring

Tracking requests made to security-critical endpoints, like those used for authentication or authorization, can help in identifying and mitigating potential security threats. Monitoring these endpoints for unusual activity patterns is a proactive security measure.

Development and testing

Enabling tracking during the development and testing phases can provide detailed insights into the API’s behaviour, facilitating bug identification and performance optimisation. Adjustments to tracking settings can be made as the API transitions to production based on operational requirements.

How traffic analytics logging works

Traffic analytics logging is enabled in the Gateway configuration using the enable_analytics option (or using the equivalent environment variable TYK_GW_ENABLEANALYTICS).

The transaction records generated by the Gateway are stored in Redis, from which Tyk Pump can be configured to transfer them to the desired persistent storage. When using Tyk Dashboard, the Aggregate Pump can be used to collate aggregated data that is presented in the analytics screens of the Tyk Dashboard.

The Gateway will not, by default, include the request and response payloads in the transaction records. This minimises the size of the records and also avoids logging any sensitive content. The detailed recording option is provided if you need to capture the payloads in the records.

You can suppress the generation of transaction records for any endpoint by enabling the do-not-track middleware for that endpoint. This provides granular control over request tracking.

You can find details of all the options available to you when configuring analytics in the Gateway in the reference documentation.