HTTP headers, logging, audits

Common Headers

access log

potentially contains PII, requiring sensitive handling

  • x-forwarded-for - client/firewall/proxy host/IP (potentially PII)
  • x-request-id - correlation id
  • x-user-id - the user id, optionally taken from the JWT (potentially PII)
  • x-org-id - the org id, optionally taken from the JWT
  • timestamp - UTC
  • endpoint path

app log

ideally no PII, but some entries will contain PII and require sensitive handling

  • x-request-id - correlation id
  • timestamp - UTC
  • endpoint path

audit log

potentially contains PII; some audit entries will contain PII and require sensitive handling

  • org id
  • user id
  • timestamp - UTC
  • action (CRUD)
  • data
