APItoolkit full color logo
Sign Up

Pyramid SDK Guide

To integrate your FastAPI application with APItoolkit, you need to use this SDK to monitor incoming traffic, aggregate the requests, and then send them to APItoolkit's servers. Kindly follow this guide to get started and learn about all the supported features of APItoolkit's Pyramid SDK.


Prerequisites

Ensure you have already completed the first three steps of the onboarding guide.

Installation

Kindly run the command below to install the SDK:

pip install apitoolkit-pyramid

Configuration

Next, add the APITOOLKIT_KEY variable to your settings or development.ini or production.ini file, like so:

settings = {
  "APITOOLKIT_KEY": "{ENTER_YOUR_API_KEY_HERE}",
  "APITOOLKIT_DEBUG": False,
  "APITOOLKIT_TAGS": ["environment: production", "region: us-east-1"],
  "APITOOLKIT_SERVICE_VERSION": "v2.0",
  "APITOOLKIT_ROUTES_WHITELIST": ["/api/first", "/api/second"],
  "APITOOLKIT_IGNORE_HTTP_CODES": [404, 429]
}

APITOOLKIT_KEY = "{ENTER_YOUR_API_KEY_HERE}"

APITOOLKIT_DEBUG = False
APITOOLKIT_TAGS = environment: production, region: us-east-1
APITOOLKIT_SERVICE_VERSION = "v2.0"
APITOOLKIT_ROUTES_WHITELIST = /api/first, /api/second
APITOOLKIT_IGNORE_HTTP_CODES = 404, 429

Then, initialize APItoolkit in your application's entry point (e.g., app.py), like so:

from wsgiref.simple_server import make_server
from pyramid.config import Configurator
from pyramid.response import Response
from pyramid.view import view_config

@view_config(route_name='home')
def home(request):
  return Response('Welcome!')

if __name__ == '__main__':
  settings = {
    "APITOOLKIT_KEY": "{ENTER_YOUR_API_KEY_HERE}"
  }
  with Configurator(settings=settings) as config:
    # Initialize APItoolkit
    config.add_tween("apitoolkit_pyramid.APIToolkit")
    # END Initialize APItoolkit
    config.add_route('home', '/')
    config.scan()
    app = config.make_wsgi_app()
  server = make_server('0.0.0.0', 6543, app)
  server.serve_forever()

In the configuration above, only the APITOOLKIT_KEY option is required, but you can add the following optional fields:

OptionDescription
APITOOLKIT_DEBUGSet to true to enable debug mode.
APITOOLKIT_TAGSA list of defined tags for your services (used for grouping and filtering data on the dashboard).
APITOOLKIT_SERVICE_VERSIONA defined string version of your application (used for further debugging on the dashboard).
APITOOLKIT_ROUTES_WHITELISTA list of route prefixes that should be captured (only capture specific incoming requests that match these prefixes).
APITOOLKIT_IGNORE_HTTP_CODESA list of HTTP status codes that should NOT be captured (ignore status codes you're not interested in or are spamming your logs).
APITOOLKIT_REDACT_HEADERSA list of HTTP header keys to redact.
APITOOLKIT_REDACT_REQ_BODYA list of JSONPaths from the request body to redact.
APITOOLKIT_REDACT_RES_BODYA list of JSONPaths from the response body to redact.

Tip

The {ENTER_YOUR_API_KEY_HERE} demo string should be replaced with the API key generated from the APItoolkit dashboard.

Redacting Sensitive Data

If you have fields that are sensitive and should not be sent to APItoolkit servers, you can mark those fields to be redacted (the fields will never leave your servers).

To mark a field for redacting via this SDK, you need to add some additional fields to your development.ini or production.ini file or settings with paths to the fields that should be redacted. There are three variables you can provide to configure what gets redacted, namely:

  1. APITOOLKIT_REDACT_HEADERS: A list of HTTP header keys.
  2. APITOOLKIT_REDACT_REQ_BODY: A list of JSONPaths from the request body.
  3. APITOOLKIT_REDACT_RES_BODY: A list of JSONPaths from the response body.


JSONPath is a query language used to select and extract data from JSON files. For example, given the following sample user data JSON object:

{
  "user": {
    "name": "John Martha",
    "email": "[email protected]",
    "addresses": [
      {
        "street": "123 Main St",
        "city": "Anytown",
        "state": "CA",
        "zip": "12345"
      },
      {
        "street": "123 Main St",
        "city": "Anytown",
        "state": "CA",
        "zip": "12345"
      }
    ],
    "credit_card": {
      "number": "4111111111111111",
      "expiration": "12/28",
      "cvv": "123"
    }
  }
}

Examples of valid JSONPath expressions would be:

JSONPathDescription
$.user.addresses[*].zipIn this case, APItoolkit will replace the zip field in all the objects of the addresses list inside the user object with the string [CLIENT_REDACTED].
$.user.credit_cardIn this case, APItoolkit will replace the entire credit_card object inside the user object with the string [CLIENT_REDACTED].

Tip

To learn more about JSONPaths, please take a look at the official docs or use this JSONPath Evaluator to validate your JSONPath expressions.

You can also use our JSON Redaction Tool to preview what the final data sent from your API to APItoolkit will look like, after redacting any given JSON object.


Here's an example of what the configuration would look like with redacted fields:

settings = {
  "APITOOLKIT_REDACT_HEADERS": ["content-type", "Authorization", "HOST"],
  "APITOOLKIT_REDACT_REQ_BODY": ["$.user.email", "$.user.addresses"],
  "APITOOLKIT_REDACT_RES_BODY": ["$.users[*].email", "$.users[*].credit_card"]
}

APITOOLKIT_REDACT_HEADERS: content-type, Authorization, HOST
APITOOLKIT_REDACT_REQ_BODY: $.user.email, $.user.addresses
APITOOLKIT_REDACT_RES_BODY: $.users[*].email, $.users[*].credit_card

Note

  • The APITOOLKIT_REDACT_HEADERS variable expects a list of case-insensitive headers as strings.
  • The APITOOLKIT_REDACT_REQ_BODY and APITOOLKIT_REDACT_RES_BODY variables expect a list of JSONPaths as strings.
  • The list of items to be redacted will be applied to all endpoint requests and responses on your server.

Error Reporting

With APItoolkit, you can track and report different unhandled or uncaught errors, API issues, and anomalies at different parts of your application. This will help you associate more detail and context from your backend with any failing customer request.

To manually report specific errors at different parts of your application, use the report_error() function from the apitoolkit_pyramid module, passing in the request and error arguments, like so:

from pyramid.response import Response
from pyramid.view import view_config
from apitoolkit_pyramid import observe_request, report_error

@view_config(route_name='home')
def home(request):
  try:
    resp = observe_request(request).get(
      "https://jsonplaceholder.typicode.com/todos/2")
    return Response(resp.read())
  except Exception as e:
    report_error(request, e)
    return Response("something went wrong")

Monitoring Outgoing Requests

Outgoing requests are external API calls you make from your API. By default, APItoolkit monitors all requests users make from your application and they will all appear in the API Log Explorer page. However, you can separate outgoing requests from others and explore them in the Outgoing Integrations page, alongside the incoming request that triggered them.

To monitor outgoing HTTP requests from your application, use the observe_request() function from the apitoolkit_pyramid module, passing in the request argument, like so:

from pyramid.response import Response
from pyramid.view import view_config
from apitoolkit_pyramid import observe_request

@view_config(route_name='home')
def home(request):
  resp = observe_request(request).get(
    "https://jsonplaceholder.typicode.com/todos/2")
  return Response(resp.read())

The observe_request() function accepts a required request argument, and the following optional arguments:

OptionDescription
url_wildcardThe url_path string for URLs with path parameters.
redact_headersA list of HTTP header keys to redact.
redact_response_bodyA list of JSONPaths from the request body to redact.
redact_request_bodyA list of JSONPaths from the response body to redact.

Tip

The observe_request() function wraps an HTTPX client and you can use it just like you would normally use HTTPX for any request.


Explore the Pyramid SDK