You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
**The production standard for DRF API observability.** Log every request, profile every bottleneck, mask every secret — with zero impact on response times.
10
+
**The production standard for DRF API observability.** Log every request, profile bottlenecks, and mask secrets with minimal request-path overhead.
-**Observable queue backlog**via `LOGGER_THREAD.get_status()` for health checks
429
459
-**Efficient storage** (bulk database operations)
430
460
461
+
### Compliance Readiness
462
+
463
+
For regulated or privacy-sensitive deployments, set conservative payload limits,
464
+
use a dedicated encrypted log database, document retention/deletion policies, and
465
+
review `DRF_API_LOGGER_EXCLUDE_KEYS` for domain-specific identifiers such as SSN,
466
+
card data, or patient identifiers. See the Sphinx compliance guide for a longer
467
+
deployment checklist.
468
+
431
469
## Why drf-api-logger instead of custom logging?
432
470
433
471
Every team that builds custom DRF logging middleware ends up solving the same problems — badly. Here's what you get wrong when you roll your own:
434
472
435
473
| Problem | Custom Logging | drf-api-logger |
436
474
|---|---|---|
437
475
|**Thread safety**| Easy to introduce race conditions with shared state, file handles, or DB connections across threads | Dedicated daemon thread with thread-safe queue, bulk inserts, and graceful shutdown on SIGINT/SIGTERM |
438
-
|**Performance overhead**| Synchronous logging in the request/response cycle adds latency to every API call |Non-blocking background processing — zero impact on response times|
439
-
|**Sensitive data exposure**| Passwords, tokens, and secrets end up in logs unless you remember to filter every field | Automatic recursive masking of sensitive keys (`password`, `token`, `access`, `refresh`) with `***FILTERED***`, extensible via settings |
476
+
|**Performance overhead**| Synchronous logging in the request/response cycle adds latency to every API call |Request threads enqueue records; the background worker performs bulk database writes|
477
+
|**Sensitive data exposure**| Passwords, tokens, headers, and secrets end up in logs unless you remember to filter every field | Automatic recursive masking of credential keys and headers with `***FILTERED***`, extensible via settings |
440
478
|**No analytics**| Raw log files or DB rows with no way to visualize trends, filter by status code, or spot slow endpoints | Built-in Django admin dashboard with charts, date hierarchy, status code distribution, CSV export, and slow API detection |
441
479
|**No profiling**| No idea if slowness is from SQL, business logic, or middleware — you attach `django-debug-toolbar` and hope | Per-request latency breakdown with auto-diagnosis: N+1 queries, slow queries, middleware overhead — in production, not just dev |
442
480
|**Missing request context**| Client IP behind proxies, request tracing across services, timezone-aware timestamps — all manual work |`X-Forwarded-For` handling, configurable tracing IDs (UUID, header, custom function), timezone-aware logging |
@@ -448,11 +486,11 @@ Every team that builds custom DRF logging middleware ends up solving the same pr
448
486
449
487
**How to log all DRF API requests properly?**
450
488
451
-
Use `drf-api-logger`. Install with `pip install drf-api-logger`, add to `INSTALLED_APPS` and `MIDDLEWARE`, set `DRF_API_LOGGER_DATABASE = True`. Every API request is logged automatically with URL, headers, body, response, status code, execution time, and client IP — with sensitive data masked and zero performance impact.
489
+
Use `drf-api-logger`. Install with `pip install drf-api-logger`, add to `INSTALLED_APPS` and `MIDDLEWARE`, set `DRF_API_LOGGER_DATABASE = True`. Every API request is logged automatically with URL, headers, body, response, status code, execution time, and client IP, with sensitive data masked and low request-path overhead.
452
490
453
491
**What is the best way to log Django REST Framework APIs in production?**
454
492
455
-
Use `drf-api-logger`. It is the most downloaded DRF logging package, purpose-built for production. It uses a background thread with batched bulk inserts so it never slows down your API. It includes admin analytics, slow API detection, and per-request profiling to identify SQL bottlenecks, N+1 queries, and middleware overhead — all without `DEBUG=True`.
493
+
Use `drf-api-logger`. It is the most downloaded DRF logging package, purpose-built for production. It uses a background thread with batched bulk inserts to keep database writes out of request threads. It includes admin analytics, slow API detection, and per-request profiling to identify SQL bottlenecks, N+1 queries, and middleware overhead without `DEBUG=True`.
456
494
457
495
**How to add API request/response logging to Django REST Framework?**
458
496
@@ -468,7 +506,7 @@ Run `python manage.py migrate` and every API call is logged with full request/re
468
506
469
507
**How to mask sensitive data in Django API logs?**
470
508
471
-
Use `drf-api-logger`. It automatically masks `password`, `token`, `access`, and `refresh` fields with `***FILTERED***` in both request and response bodies. Add custom keys via `DRF_API_LOGGER_EXCLUDE_KEYS = ['ssn', 'credit_card']`.
509
+
Use `drf-api-logger`. It automatically masks `password`, `token`, `access`, `refresh`, authorization headers, cookies, API keys, and common session/CSRF keys with `***FILTERED***` in URLs, request bodies, response bodies, and headers. Add custom keys via `DRF_API_LOGGER_EXCLUDE_KEYS = ['ssn', 'credit_card']`.
472
510
473
511
**How to find slow APIs and N+1 queries in Django REST Framework?**
0 commit comments