A lightweight Laravel package for logging requests made to your API.
| Package version | Laravel | PHP | Status |
|---|---|---|---|
| 3.x (this branch) | 11 / 12 / 13 | ≥ 8.2 | Active |
2.x (v2) |
7 – 10 | ≥ 7.2 | Security fixes |
1.x (v1) |
7 – 10 | ≥ 7.2 | End of life |
Upgrading from an older version? See the upgrade guide.
Add the package to your Laravel application using composer:
composer require codetech/laravel-api-logs
The service provider is registered automatically via package discovery.
Publish the migration file:
php artisan vendor:publish --provider="CodeTech\ApiLogs\Providers\ApiLogServiceProvider" --tag=migrations
Run the migration:
php artisan migrate
Add the HasApiLogs trait to the model that makes the requests (typically your User model):
use CodeTech\ApiLogs\Traits\HasApiLogs;
class User extends Authenticatable
{
use HasApiLogs;
}To start logging requests made to your API, append the middleware to the api middleware group in your bootstrap/app.php:
use CodeTech\ApiLogs\Http\Middleware\LogApiRequest;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
// ...
->withMiddleware(function (Middleware $middleware) {
$middleware->appendToGroup('api', LogApiRequest::class);
})
// ...
->create();Only authenticated requests are logged. Each log stores the URL, HTTP method, client IP, request data, request headers, response data and the request duration, and is linked to the authenticated user through a polymorphic causer relation:
$user->apiLogs; // all ApiLog entries for the user
$apiLog->causer; // the model that made the requestSensitive values are redacted by default before a log is stored: common credential fields (password, token, access_token, …) in the request data, query string and response data, and sensitive request headers (Authorization, Cookie, X-Api-Key, …) are replaced with [REDACTED].
To customize the authentication guard, the redaction lists or the replacement string, publish the config file:
php artisan vendor:publish --provider="CodeTech\ApiLogs\Providers\ApiLogServiceProvider" --tag=config
Then adjust config/api-logs.php:
return [
'guard' => null,
'redact' => [
'replacement' => '[REDACTED]',
'keys' => ['password', 'access_token' /* , ... */],
'headers' => ['authorization', 'cookie' /* , ... */],
],
];guard pins the authentication guard used to resolve the user a logged request is attributed to (e.g. 'sanctum'). When null, the request's default guard is used — the one set by the auth middleware, or the application's default guard.
keys are matched case-insensitively and recursively against the request payload, query string and response data; headers are matched against request header names.
The test suite is split into Unit and Feature suites. Run the tests, static analysis and code-style checks via Composer:
composer test # PHPUnit test suite
composer analyse # PHPStan/Larastan static analysis
composer lint # Pint code-style check (run `composer format` to fix)Every release is documented on the GitHub releases page.
Contributions are welcome! Please read the contributing guidelines before opening an issue or pull request.
If you discover a security vulnerability, please follow the security policy — do not report it publicly.
If this package helps you, consider starring the repository — it helps other developers discover it.
codetech/laravel-api-logs is open-sourced software licensed under the MIT license.
CodeTech is a web development agency based in Matosinhos, Portugal. Oh, and we LOVE Laravel!
