| title | description | services | author | ms.service | ms.topic | ms.date | ms.author | ms.custom |
|---|---|---|---|---|---|---|---|---|
Tutorial - Debug APIs in Azure API Management using request tracing |
Follow the steps of this tutorial to enable tracing and inspect request processing steps in Azure API Management. |
api-management |
dlepow |
api-management |
tutorial |
05/05/2024 |
danlep |
devdivchpfy22 |
[!INCLUDE api-management-availability-all-tiers]
This tutorial describes how to inspect (trace) request processing in Azure API Management. Tracing helps you debug and troubleshoot your API.
In this tutorial, you learn how to:
[!div class="checklist"]
- Trace an example call in the test console
- Review request processing steps
- Enable tracing for an API
:::image type="content" source="media/api-management-howto-api-inspector/api-inspector-002.png" alt-text="Screenshot showing the API inspector." lightbox="media/api-management-howto-api-inspector/api-inspector-002.png":::
- Learn the Azure API Management terminology.
- Complete the following quickstart: Create an Azure API Management instance.
- Complete the following tutorial: Import and publish your first API.
[!INCLUDE api-management-tracing-alert]
-
Sign in to the Azure portal, and navigate to your API Management instance.
-
Select APIs.
-
Select Demo Conference API from your API list.
-
Select the Test tab.
-
Select the GetSpeakers operation.
-
Optionally check the value for the Ocp-Apim-Subscription-Key header used in the request by selecting the "eye" icon.
[!TIP] You can override the value of Ocp-Apim-Subscription-Key by retrieving a key for another subscription in the portal. Select Subscriptions, and open the context menu (...) for another subscription. Select Show/hide keys and copy one of the keys. You can also regenerate keys if needed. Then, in the test console, select + Add header to add an Ocp-Apim-Subscription-Key header with the new key value.
-
Select Trace.
-
After the call completes, go to the Trace tab in the HTTP response.
-
Select any of the following links to jump to detailed trace info: Inbound, Backend, Outbound, On error.
:::image type="content" source="media/api-management-howto-api-inspector/response-trace-1.png" alt-text="Review response trace":::
-
Inbound - Shows the original request API Management received from the caller and the policies applied to the request. For example, if you added policies in Tutorial: Transform and protect your API, they'll appear here.
-
Backend - Shows the requests API Management sent to the API backend and the response it received.
-
Outbound - Shows the policies applied to the response before sending back to the caller.
-
On error - Shows the errors that occurred during the processing of the request and the policies applied to the errors.
[!TIP] Each step also shows the elapsed time since the request is received by API Management.
-
You can enable tracing for an API when making requests to API Management using curl, a REST client such as Visual Studio Code with the REST Client extension, or a client app.
Enable tracing by the following steps using calls to the API Management REST API.
Note
The following steps require API Management REST API version 2023-05-01-preview or later. You must be assigned the Contributor or higher role on the API Management instance to call the REST API.
-
Obtain trace credentials by calling the List debug credentials API. Pass the gateway ID in the URI, or use "managed" for the instance's managed gateway in the cloud. For example, to obtain trace credentials for the managed gateway, use a call similar to the following:
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview
In the request body, pass the full resource ID of the API that you want to trace, and specify
purposesastracing. By default the token credential returned in the response expires after 1 hour, but you can specify a different value in the payload.{ "credentialsExpireAfter": PT1H, "apiId": "<API resource ID>", "purposes": ["tracing"] }The token credential is returned in the response, similar to the following:
{ "token": "aid=api-name&p=tracing&ex=......." } -
To enable tracing for a request to the API Management gateway, send the token value in an
Apim-Debug-Authorizationheader. For example, to trace a call to the demo conference API, use a call similar to the following:curl -v GET https://apim-hello-world.azure-api.net/conference/speakers HTTP/1.1 -H "Ocp-Apim-Subscription-Key: <subscription-key>" -H "Apim-Debug-Authorization: aid=api-name&p=tracing&ex=......."
-
Depending on the token, the response contains different headers:
- If the token is valid, the response includes an
Apim-Trace-Idheader whose value is the trace ID. - If the token is expired, the response includes an
Apim-Debug-Authorization-Expiredheader with information about expiration date. - If the token was obtained for wrong API, the response includes an
Apim-Debug-Authorization-WrongAPIheader with an error message.
- If the token is valid, the response includes an
-
To retrieve the trace, pass the trace ID obtained in the previous step to the List trace API for the gateway. For example, to retrieve the trace for the managed gateway, use a call similar to the following:
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listTrace?api-version=2023-05-01-preview
In the request body, pass the trace ID obtained in the previous step.
{ "traceId": "<trace ID>" }The response body contains the trace data for the previous API request to the gateway. The trace is similar to the trace you can see by tracing a call in the portal's test console.
For information about customizing trace information, see the trace policy.
In this tutorial, you learned how to:
[!div class="checklist"]
- Trace an example call
- Review request processing steps
- Enable tracing for an API
Advance to the next tutorial:
[!div class="nextstepaction"] Use revisions