As our developer community grows, we will continue to take a modern approach to help our community develop faster and reduce the need for support via self-service cloud tools. In general, we will start to offer such tools via APIs and then further expose the dev tools API functionality into our back office to facilitate ongoing use.
API Logging
To improve the ability to debug APIs from the caller side when APIs calls do not succeed, we are exposing a new logging endpoint that can retrieve the API request/response data with a unique ACME Request ID to be returned in all API calls.
NOTE: This feature will be released in phases and will be in Beta mode for a short time until all stakeholders are happy with the initial releases. We will start by logging exceptions only, then expand into logging every API call. Over time, we will expose the API logging into our back office into a new LOGS section. In the meantime, we welcome your feedback!
Unique Request ID
An API call into our infrastructure will now return a response header named:
x-acme-request-id
Its value will be used to lookup the details of the API when it was run. See example below. As a best practice, we recommend that you:
- Log into your server systems (if called by servers) the acme_request_id so that is easily accessible when needed.
- When logging a request into our API Support team, please provide the acme_request_id as this can help turn around your request faster.
Looking up an API execution detail
In production or sandboxes, With your API key as the x-acme-api-key authentication header, call the B2B endpoint
api.acmeticketing.com/v2/b2b/apilog/{acme_request_id} or in a sandbox use the .net domain
which will return the details when there was an exception, else you will get an object not found message (that is, until we log everything). Please note that capability is also available in our sandboxes and you can replace the domain name accordingly.
Here is an example of a failed checkout where we do also mask card information for PCI reasons.
request/v3/b2c/checkout: headers: time logged: Tue Dec 22 20:11:33 UTC 2020query string: null headers: x-b2c-tenant-id=107 Accept=*/* Cache-Control=no-cache User-Agent=PostmanRuntime/7.26.8 Connection=keep-alive Postman-Token=654c100c-27f2-4002-8623-83e09781499e Host=localhost:8081 Accept-Encoding=gzip, deflate, br Content-Length=377 Content-Type=application/json payload: {"shoppingCartId":"5fdeae1883dedaac4628caf9","ticketDeliveryEmail":"","acmeToken":"4242424246","expDate":"1221","manualEntryCardNumber":"card_masked_out","cvc":"cvc_masked_out","ccLastFourDigits":"4246","checkoutForms":[],"billingFirstName":"ec","billingLastName":"kub","billingEmail":"[email protected]","billingPhoneNumber":"9256832166","billingAddress1":"1891 palm avenue","billingAddress2":"ACME Technologies","billingCountry":"United States","billingCity":"Redwood City","billingZipCode":"94061","billingState":"California","emailAnalytics":{"acmeAnalyticsClientId":"984189809.1605577478","tenantAnalyticsClientId":"0e8e310b-166d-4a82-837c-58c7f3e7fb1e"}} response: code:-1 payload:Input Parameter Validation Failed For : 'Name' Parameter
Security and PCI Compliance
Upon storage and therefore in the lookup response, PCI Card data is masked out to prevent storing sensitive card account number.
Our underlying cloud storage for API logging is also encrypted at rest.