Serverpod Logging Rules

ApiInterceptor usage and security guide for Serverpod API request/response logging.

Architecture Overview#

┌─────────────────────────────────────────────────────────┐
│                      Repository                          │
│  ┌─────────────────────────────────────────────────┐    │
│  │              ApiInterceptor                      │    │
│  │  ┌─────────────────────────────────────────┐    │    │
│  │  │         Serverpod Client                │    │    │
│  │  │  (kobic_client → kobic_server)          │    │    │
│  │  └─────────────────────────────────────────┘    │    │
│  └─────────────────────────────────────────────────┘    │
└─────────────────────────────────────────────────────────┘

ApiInterceptor Usage#

Location#

package/core/lib/src/data/api_interceptor.dart

Default Settings#

const ApiInterceptor({
  this.enableLogging = true,   // Enable API call logging
  this.enableRetry = true,     // Enable retry on failure
  this.maxRetries = 3,         // Maximum retry count
  this.retryDelay = 1s,        // Delay between retries
})

Usage in Repository#

class BookRepository implements IBookRepository {
  final ApiInterceptor _interceptor;

  @override
  Future<Either<Failure, Book>> getBook(int id) async {
    try {
      final result = await _interceptor.executeApiCall(
        apiCall: () => _client.book.getBook(id),
        apiName: 'getBook',
        parameters: {'id': id},
      );
      return Right(result);
    } on ApiException catch (error) {
      return Left(error.toFailure());
    }
  }
}

Log Output Format#

API Call Start#

🚀 API Call: getBook
⏰ Start: 10:30:45.123
📝 Parameters:
  • id: 123

API Success#

✅ API Success: getBook (245ms)
📊 Result: Book
  • Value: Book(id: 123, title:  ' Title ' )

API Failure#

❌ API Failure: getBook (1205ms)
💥 Error: ServerpodClientException
📄 Message: Not Found

Retry#

⚠️ Retry 2/3 (after 1000ms)

Retry Policy#

Retryable Errors#

Status Code	Description	Retry
5xx	Server error	✅
408	Request Timeout	✅
socket error	Network connection failure	✅
timeout	Request timeout	✅
handshake error	SSL handshake failure	✅
4xx (other)	Client error	❌

Custom Retry Settings#

// Custom retry configuration
final interceptor = ApiInterceptor(
  enableRetry: true,
  maxRetries: 5,
  retryDelay: const Duration(seconds: 2),
);

Error Conversion#

ApiInterceptor converts ServerpodClientException to project custom exceptions.

Status Code	Converted Exception	Message
401	`UnauthorizedException`	Authentication required
403	`ForbiddenException`	Access denied
404	`NotFoundException`	Resource not found
422	`ValidationException`	Invalid input data
500	`ServerException`	Server error occurred
socket	`NetworkException`	Network connection error
timeout	`TimeoutException`	Request timeout

Security Rules#

Do Not Log Sensitive Information#

// ❌ Forbidden: Include sensitive info in parameters
await _interceptor.executeApiCall(
  apiCall: () => _client.auth.login(userId, password),
  apiName: 'login',
  parameters: {
    'userId': userId,
    'password': password,  // 🚨 Forbidden!
  },
);

// ✅ Recommended: Exclude sensitive info
await _interceptor.executeApiCall(
  apiCall: () => _client.auth.login(userId, password),
  apiName: 'login',
  parameters: {'userId': userId},  // password excluded
);

Sensitive Information List#

Category	Examples	Logging
Credentials	password, pin, userPw	❌ Forbidden
Tokens	accessToken, refreshToken, idToken	❌ Forbidden
Identity info	userId, loginId (except for debugging)	⚠️ Caution
Personal info	phoneNumber, email, address	❌ Forbidden
Auth codes	smsCode, verificationCode	❌ Forbidden

kDebugMode Pattern#

Disable Logging in Production Builds#

import 'package:flutter/foundation.dart' show kDebugMode;

// Set in ApiInterceptorConfig
class ApiInterceptorConfig {
  static const defaultEnableLogging = kDebugMode;
  // ...
}

// Or explicitly set during creation
final interceptor = ApiInterceptor(
  enableLogging: kDebugMode,
);

kDebugMode Advantages#

Compile-time constant, completely removed from production code
No runtime overhead
Enhanced security (prevents log exposure in production)

Server-side Logging (Serverpod)#

Using session.log()#

// In backend/kobic_server
Future<Book> getBook(Session session, int id) async {
  session.log('📚 Book lookup request: id=$id');

  final book = await Book.db.findById(session, id);

  if (book == null) {
    session.log('⚠️ Book not found: id=$id', level: LogLevel.warning);
    throw NotFoundException('Book not found');
  }

  session.log('✅ Book lookup success: ${book.title}');
  return book;
}

LogLevel Types#

Level	Usage
`LogLevel.debug`	Development debugging
`LogLevel.info`	General information (default)
`LogLevel.warning`	Warnings
`LogLevel.error`	Errors
`LogLevel.fatal`	Fatal errors

Checklist#

When Implementing Repository#

Use ApiInterceptor.executeApiCall()
Explicitly specify apiName
Exclude sensitive info from parameters
Verify error conversion handling

During PR Review#

New API calls are wrapped with ApiInterceptor
No sensitive info in parameters
kDebugMode conditional logging maintained

serverpod-auth.md - Serverpod authentication rules
CLAUDE.md - Project-wide guide