Today I learned that `HTTParty` gem has a built-in option for enabling logging details of all requests made by the gem.

There are two handy options to be precise.

1. `logger` class method

A signature of the method is as follows:

#logger(logger, level = :info, format = :apache) ⇒ Object

The library includes two formatters, apache and curl .

The below snippet is enough to enable logging `HTTParty` requests in a standard Ruby on Rails app:

class GoogleGateway include HTTParty logger Rails.logger, :info, :apache ... end

As a result, I get the following log messages:

[HTTParty] [2018-10-04 18:38:15 +0200] 200 "GET /user/:user_id" 137

Much better than nothing. The only minor drawback is missing built-in JSON formatter compatible with Logstash requirements. ELK Stack is commonly used today for consuming logs.

Open source contribution

To address the above issue I decided to

If you think that is is a good idea to have Logstash compatible formatter in the gem you can leave +1 in the PR 🙂 To address the above issue I decided to open a PR in the repository.If you think that is is a good idea to have Logstash compatible formatter in the gem you can leavein the PR 🙂

2. `debug_output` class method

#debug_output(stream = $stderr) ⇒ Object

This one outputs much more details about requests. Therefore, it should be used for debugging purposes only.

To enable it just invoke the class method within a class:

class GoogleGateway include HTTParty debug_output Rails.logger ... end

An example output:

opening connection to [URL]:443... opened starting SSL for [URL]:443... SSL established <- "GET /users/:user_id HTTP/1.1\r

Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3\r

Accept: */*\r

User-Agent: Ruby\r

Authorization: Basic [BASIC_AUTH]\r

Connection: close\r

Host: [URL]\r

\r

" -> "HTTP/1.1 200 OK\r

" -> "Content-Type: application/json; charset=UTF-8\r

" -> "Date: Thu, 04 Oct 2018 19:11:13 GMT\r

" -> "Server: nginx\r

" -> "Content-Length: 137\r

" -> "Connection: Close\r

"

As you can see the output may contain sensitive data like `Authorization` header. Enabling the option on a production environment is not the best idea 🙂

Summary

Live and learn. Thanks to one additional line with logger method invocation I started collecting valuable log messages.