# corrivate/magento2-rest-api-logger > Advanced and convenient logging `composer require corrivate/magento2-rest-api-logger` Canonical URL: https://packagento.com/corrivate/magento2-rest-api-logger ## At a glance - **Vendor**: corrivate (https://packagento.com/corrivate.md) - **Latest version**: 1.3.0 — released 2025-05-14 - **Pricing**: Free - **Package type**: Magento 2 module - **Status**: active, accepting new buyers ## Installation Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them. 1. **Sign in or create an account** at https://packagento.com/customer/account/. 2. **Add the package to your account.** Open https://packagento.com/corrivate/magento2-rest-api-logger and complete the free checkout. A licence is minted automatically. 3. **Create or pick a project, then activate the licence on it.** - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/. - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project. 4. **Add the project credentials to your Magento codebase.** Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`: ```json { "http-basic": { "packagento.com": { "username": "ppk_live_...", "password": "psk_live_..." } } } ``` Add the Packagento Composer repository to `composer.json`: ```json { "repositories": [ { "type": "composer", "url": "https://packagento.com" } ] } ``` 5. **Install and apply.** ```bash composer require corrivate/magento2-rest-api-logger:* bin/magento setup:upgrade bin/magento setup:di:compile bin/magento cache:flush ``` ## What it does Advanced and convenient logging ## README [![Latest Version on Packagist](https://img.shields.io/packagist/v/corrivate/magento2-rest-api-logger?color=blue)](https://packagist.org/packages/corrivate/magento2-rest-api-logger) [![MIT Licensed](https://img.shields.io/badge/license-MIT-brightgreen.svg)](LICENSE.md) ### Goal Get logging visibility on the use of the Magento REST API: * Which requests are made, by which IP & user agent, to what endpoints? * What is in those requests? * What are they getting as responses? At HYPR we've found this to be quite useful, because you often run into questions such as: * Which external integration interacted with this product's data? * The third party warehouse claims to have set product qty to X, but it's showing as Y. Have they really set it to X? * Product image roles are configured strangely. Has someone used the wrong store code when updating them through the API? ### IMPORTANT! Improper use of logging can expose security- and personally-sensitive data. This module is a "power tool" for debugging API issues, it is not entirely possible to prevent this. Being careful what you log is YOUR responsibility. Setting this module to "always on" is not a good idea. The module has several filters that allow you to narrow down the scope of what you're logging. ### Installation ```bash composer require corrivate/magento2-rest-api-logger bin/magento module:enable Corrivate_RestApiLogger bin/magento setup:di:compile ``` ### Configuration Most of this module's power is in the configuration. That's where you decide what kind of requests you want to log. You can configure the logger in Admin > Stores > Configuration > Services > REST API Logger. The following configurations are available: * Enable/Disable logging * Enable/Disable safer mode (which censors some privacy-sensitive payloads) * Include request/response headers * Setting up filters #### Configure what to filter on * HTTP method (GET, POST, PUT, DELETE) * API endpoint (https://developer.adobe.com/commerce/webapi/rest/quick-reference/) * Route: can be used for query string arguments, or if you want all endpoints relating to products for example * Requester's IP address * Requester's user agent * Text in the request body * HTTP status of the response * Text in the response body #### Configure consequences when a filter matches * **Forbid** logging this request/response/both. If this filter matches it overrules all other filters. * **Require** that this specific filter matches, otherwise don't log the request/response/both. If "require" filters are specified, **all** of them need to match to log this. * **Allow** logging this if the filter matches. If any "allow" filters are configured, at least **one** of them has to match, but not all of them. * **Censor** the body of the request/response/both, but log that it took place and information about who sent it, response codes etc. * Whenever a filter matches you can also add **tags**. This is useful for example to tag all requests coming from a particular IP address so that you know it came from company X. They could also be used for later post-processing of the logs. ### Security The module will not log the body of incoming auth requests. If headers are logged, credentials will be hashed. When "safer mode" is active in the configuration, the following additional filters are applied to reduce the risk of logging sensitive data: * Header logging is disabled. * request body contains "street" => censor both * response body contains "street" => censor response * Request URLs containing these parts => censor both * /V1/applepay * /V1/braintree * /V1/carts * /V1/creditmemo * /V1/customers * /V1/guest-carts * /V1/inventory/get-latlng-from-address * /V1/inventory/get-latslngs-from-address * /V1/invoices * /V1/orders * /V1/shipment * /V1/tfa ### Credits ![HYPR](docs/HYPER.jpg) This module was originally created at HYPER. With their permission it has been open-sourced and been developed further. The design of the module builds on previous loggers, in particular https://github.com/vladflonta/magento2-webapi-log ; however, that module appears to be no longer actively supported. ### Corrivate (en.wiktionary.org) Etymology From Latin *corrivatus*, past participle of *corrivare* ("to corrivate"). #### Verb **corrivate** (*third-person singular simple present* **corrivates**, *present participle* **corrivating**, *simple past and past participle* **corrivated**) (*obsolete*) To cause to flow together, as water drawn from several streams. ## Changelog ### 1.0.0 At the 1.0 point the layout of the configuration is essentially stable. New features will still be added, but existing configuration does not have to be re-done anymore after updates. - Added more safer mode filters - Updated documentation & comments in the configuration - Some code refactoring to make endpoint filters clearer ### 0.7.1 - Fix type error in reading accept header ### 0.7.0 - Configuration revised - Should now be in stable form for the long term - Splits the filters into Request and Response tab - Removes the separate endpoint tab - Removes chosen.js which was flaky - Splits filters into separate tables that can take advantage of more specific source models - Endpoint filters improved - Handle confusion when there's overlap between routes for endpoints, such as `GET /cmsPage/search` and `GET /cmsPage/:pageId` - Some efficiencies for handling larger amounts of endpoint filters, needed for safer mode - Support for logging XML content type ### 0.6.1 - Fixed a TypeError ### 0.6.0 Endpoint improvements - Make them work - Also distinguish by HTTP method ### 0.5.0 Revision of filters - Treat filter configs as objects, to make it easier to merge different configurations in a way the filter processor doesn't need to know about. - Move method filters into dynamic rows to enable easier and more granular use - Make endpoint filters more customizable - Enable adding tags to log entries (useful for annotating IP addresses for example) ### 0.4.0 Focus on code cleanup - Moved assisting classes into more descriptive namespaces than "helper" - Renamed filter classes - Add tentative php8.3 support - Use semantic Magento composer module versions - List all dependencies in module.xml / composer.json - Apply Magento2 coding standard (within reason) ### 0.3.0 - improve README - improve configuration UI - add service include/exclude filters ### 0.2.0 - add unit tests to the filter ### 0.1.4 - simplify filter implementation - fix an error in the required filter ### 0.1.3 - fix autoload path ### 0.1.2 - move to git-only versioning, drop version from composer.json ### 0.1.1 - Fix di.xml illegal attribute ### 0.1.0 Initial release ## Recent Versions | Version | Released | |---|---| | 1.3.0 | 2025-05-14 | | 1.2.0 | 2025-02-01 | | 1.1.1 | 2024-09-25 | | 1.1.0 | 2024-04-30 | | 1.0.0 | 2024-04-15 | | 0.7.1 | 2024-04-02 | | 0.7.0 | 2024-03-11 | | 0.6.1 | 2024-03-04 | | 0.6.0 | 2024-02-19 | | 0.5.0 | 2024-02-07 | Showing 10 of 17 versions. Full release history on https://packagento.com/corrivate/magento2-rest-api-logger. ## Dependencies ### Require | Package | Constraint | |---|---| | ext-json | * | | ext-pcre | * | | magento/framework | ^103.0 | | magento/module-backend | ^102.0 | | magento/module-config | ^101.2 | | magento/module-store | ^101.1 | | magento/module-webapi | ^100.4 | | monolog/monolog | ^2.6\|\|^3.8.1 | | php | ~7.4.0\|\|~8.0.0\|\|~8.1.0\|\|~8.2.0\|\|~8.3.0\|\|~8.4.0 | | psr/log | ^1.1\|\|^2.0\|\|^3.0 | ### Require (dev) | Package | Constraint | |---|---| | bitexpert/phpstan-magento | ^0.30.1 | | phpstan/extension-installer | ^1.3 | | phpstan/phpstan | ^1.9 | ## Quality Latest release (1.3.0) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers. ### Compatibility Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`. | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | Pass | Pass | – | – | | 2.4.8 | – | Pass | Pass | – | | 2.4.9 | – | – | Pass | not tested | ### Code Quality Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible. #### Static Analysis Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module. | Tool | Status | Findings | Summary | |---|---|---|---| | PHPCS | Warning | 99 | 99 warnings (ruleset: Magento2) — 1 auto-fixable with phpcbf | | PHPMD | Warning | 8 | 8 rule violations (UnusedFormalParameter:2, CyclomaticComplexity:2, NPathComplexity:1, ExcessiveClassComplexity:1, IfStatementAssignment:1) | | Cpd | Warning | 3 | 3 duplicated chunks spanning 134 total lines (min-lines=5, min-tokens=70) | | Composer validate | Info | 1 | valid; 1 advisory note (composer validate --strict) | #### PHPStan Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases. | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | 15 | 15 | – | – | | 2.4.8 | – | 15 | 15 | – | | 2.4.9 | – | – | 15 | N/A | ### Tests Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately. #### Unit Tests | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | N/A | N/A | – | – | | 2.4.8 | – | N/A | N/A | – | | 2.4.9 | – | – | N/A | N/A | #### Integration Tests | Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 | |---|---|---|---|---| | 2.4.7 | N/A | N/A | – | – | | 2.4.8 | – | N/A | N/A | – | | 2.4.9 | – | – | N/A | N/A | ### Security Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright. | Tool | Status | Findings | Summary | |---|---|---|---| | Composer audit | Pass | 0 | | | Malware scan | Pass | 0 | | ## Licence and pricing Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step. Refundable within 14 days of first purchase via https://packagento.com/account/refunds/. ## Install via Claude Code or any MCP client The Packagento MCP server can run the licence + project + Composer steps above in one tool call: ``` purchase_and_install_packages( composer_names=["corrivate/magento2-rest-api-logger"], project_id="proj_xxx" ) ``` This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup. ## Vendor corrivate is a Magento 2 vendor on Packagento. See https://packagento.com/corrivate.md for their full catalogue.