Log all API responses

[chinmaymudholkar1]

Log all API responses

[zoltan-antal]

Before I dig in too deep, why do we need this change?

[zoltan-antal]

If we do need this, are we sure we want to implement our own response logging logic? Particularly concerning is the "mask sensitive data" logic - if there's a bug in that (even if not now, but in the future, due to an API change in httpx let's say), we could be logging sensitive info.
Does httpx provide functionality for this? If not, is there a conventional, trusted way of logging httpx responses?

[chinmaymudholkar1]

Before I dig in too deep, why do we need this change?

This is in response to the issue we had with the IMMS API earlier this week with BST starting and the test failing. Better logging of API calls will help such scenarios.

[chinmaymudholkar1]

If we do need this, are we sure we want to implement our own response logging logic? Particularly concerning is the "mask sensitive data" logic - if there's a bug in that (even if not now, but in the future, due to an API change in httpx let's say), we could be logging sensitive info. Does httpx provide functionality for this? If not, is there a conventional, trusted way of logging httpx responses?

httpx does not provide a built-in credential masking mechanism.

This approach:

• Uses event hooks to intercept requests/responses
• Applies custom regex-based masking for sensitive fields
• Disables httpx's built-in logger to prevent credential leaks (even to pytest's live log)