Logging y auditoría
Logging y auditoría
Request log fields and how they connect API activity to company credentials.
Request log fields and how they connect API activity to company credentials.
Campos persistidos
| Field | Description |
|---|---|
method | HTTP method. |
path | Original URL with query string. |
normalizedPath | Path without query string. |
statusCode | Final HTTP status. |
durationMs | Request duration in milliseconds. |
profileId | Resolved Developer Profile (internal Mongo id, kept for relations and audit). |
profileCode | Resolved Developer Profile code (dp_ prefix) sent in X-Travelandz-Id. |
profileKey | Public key used by the request. |
credentialId | Embedded credential/API key _id; preferred key for API-key audit views. |
companyId | Associated company. |
ip | Express-resolved IP; depends on TRUST_PROXY. |
origin | Hostname from Origin or Referer. |
userAgent | User agent. |
gdsprovider | Provider inferred from the path when applicable. |
errorCode | Structured error code when present in the response. |
errorMessage | Short error message. |
requestContentLength | Request content length. |
responseContentLength | Response content length. |
Credential traceability
Use credentialId for exact joins between dashboard credentials and logs. Use profileKey when the UI only has the public key, or when diagnosing historical records created before credential identifiers were surfaced.
Security
Logs must never include Authorization, bearer tokens, decrypted secret keys or raw third-party provider credentials.