
resurfaceio/insomnia-plugin


Graylog API Security Insomnia Plugin

Easily log API requests and responses to your own security data lake.


Requirements

Set up

  • Go to Insomnia > Preferences > Plugins

  • Type in

    insomnia-plugin-usage-logger
    
  • Click Install Plugin.

    (Alternatively, check out the manual installation.)

  • Add the variables used by the logger to your Base Environment (or create a separate new Private/Shared environment for it).

    {
        "USAGE_LOGGERS_URL": "http://localhost:7701/message",
        "USAGE_LOGGERS_RULES": "include debug"
    }

That's it!

Usage

  • Make sure the plugin is enabled (also, if you created a new private/shared environment make sure to select it).

  • Use Insomnia as you would normally.

  • Go to http://localhost:7700 to explore all your logs using the included Graylog API Security web UI

  • You can always disable the plugin if you want to stop logging API calls temporarily.

Happy loggin' 📝

Environment variables

This plugin has access to four environment variables, but only one of them is required for the logger to work properly.

✔ All API calls are sent to the database running inside the resurface container

The environment variable USAGE_LOGGERS_URL stores this address, which by default should be the string "http://localhost:7701/message"

✔ All API calls are filtered using a set of rules (Optional)

The environment variable USAGE_LOGGERS_RULES stores these logging rules as a string. Even though this variable is optional, it is recommended to set it to "include debug" or "allow_http_url" when trying the plugin for the first time.

✔ Response bodies are logged up to a certain size (Optional)

If you are working with large response payloads and don't want to log the whole thing, you can use the environment variable USAGE_LOGGERS_LIMIT. It stores an integer value corresponding to the number of bytes after which a response body will not be logged (by default, this upper limit is 1 MiB).

✔ The Logger can be disabled even if the plugin is enabled (Optional)

By setting the environment variable USAGE_LOGGERS_DISABLE to true the logger will be disabled and no API calls will be logged.
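
A quick way to review these four variables before enabling the logger, as an added example that is not the plugin's own code. The function name `checkLoggerEnv`, its findings and the loopback/plain-HTTP check are assumptions made for illustration; only the variable names and the 1 MiB default come from this README.

```javascript
// Added example, not the plugin's own code: checks the four logger variables
// described above. checkLoggerEnv and its findings are hypothetical names.
const DEFAULT_LIMIT = 1024 * 1024; // 1 MiB default stated in this README
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);
const FIRST_RUN_RULES = new Set(["include debug", "allow_http_url"]);

function checkLoggerEnv(env) {
  const findings = [];

  // USAGE_LOGGERS_URL is the only required variable.
  let url = null;
  try {
    url = new URL(env.USAGE_LOGGERS_URL);
  } catch {
    findings.push("USAGE_LOGGERS_URL is missing or not a valid URL");
  }
  // Logged API calls can carry credentials; plain HTTP is only reasonable
  // when the collector runs on the same machine.
  if (url && url.protocol === "http:" && !LOOPBACK.has(url.hostname)) {
    findings.push("USAGE_LOGGERS_URL sends logs over plain HTTP to a non-local host");
  }

  // USAGE_LOGGERS_LIMIT: positive integer number of bytes, else the default.
  let limit = DEFAULT_LIMIT;
  if (env.USAGE_LOGGERS_LIMIT !== undefined) {
    const n = Number(env.USAGE_LOGGERS_LIMIT);
    if (Number.isInteger(n) && n > 0) limit = n;
    else findings.push("USAGE_LOGGERS_LIMIT is not a positive integer; using 1 MiB");
  }

  // USAGE_LOGGERS_RULES: flag the first-run values so they get reviewed.
  const rules = env.USAGE_LOGGERS_RULES ?? null;
  if (rules !== null && FIRST_RUN_RULES.has(String(rules).trim())) {
    findings.push("first-run rules in use; customize masking before logging real secrets");
  }

  const disabled = String(env.USAGE_LOGGERS_DISABLE) === "true";
  return { url: url ? url.href : null, rules, limit, disabled, findings };
}

// Constructed sample: the environment shown in the Set up section.
console.log(checkLoggerEnv({
  USAGE_LOGGERS_URL: "http://localhost:7701/message",
  USAGE_LOGGERS_RULES: "include debug",
}));
```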

Manual installation

  • Clone this repo inside:
    • MacOS: ~/Library/Application\ Support/Insomnia/plugins/
    • Windows: %APPDATA%\Insomnia\plugins\
    • Linux: $XDG_CONFIG_HOME/Insomnia/plugins/ or ~/.config/Insomnia/plugins/
  • Install dependencies using npm i

Protecting User Privacy

Loggers always have an active set of rules that control what data is logged and how sensitive data is masked. All of the examples above apply a predefined set of rules (include debug), but logging rules are easily customized to meet the needs of any application.

Logging rules documentation


© 2016-2024 Graylog, Inc.