Problem Statement
The current API gateway does not provide user details along with incoming requests. As a result, it is not possible to reliably track which user is accessing specific APIs.
Solution
We can implement an inbound policy in the API Gateway to capture trace information. These traces will be sent to Application Insights, where they can be later used to track and analyze user activity. We can also store these logs in a database for future reference.
Intro - Azure API Management (APIM) gateway
Azure API Management (APIM) is a managed gateway that sits in front of your APIs and provides a central place to secure, publish, transform, and observe traffic. With APIM you can:
- apply policies (XML fragments) at global, API, or operation level to throttle, rewrite, authenticate, cache, log, or transform requests and responses;
- enrich requests and responses (add headers, inject correlation IDs) so downstream services and telemetry systems can correlate traces.
This makes APIM an ideal place to add lightweight observability (user identity, correlation id, subscription id, client IP) for every incoming call, even when the backend or client doesn't supply all the fields you need.
Now let's dive into the steps required to create the API gateway, configure it with Application Insights, and add traces.
Step-by-Step Process:
Create an HTTP API with URL details in the gateway and add operations.
Select the operation inside All operations and click Inbound processing => Policies (</>).
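In Inbound policies, once you click (</>), you can paste the code shown below. This policy adds the email of the logged-in user to the request and forwards it to the Application Insights resource associated with the API. Because exists-action is set to override, any user-email header supplied by the client is replaced, and when context.User is null the value recorded is "unknown".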
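```xml
<inbound>
    <base />
    <!-- Replace any client-supplied user-email header with the APIM user's email -->
    <set-header name="user-email" exists-action="override">
        <value>@(context.User != null ? context.User.Email : "unknown")</value>
    </set-header>
    <!-- Emit the same value as a trace so it reaches Application Insights -->
    <trace source="APIM" severity="information">
        <message>@($"userEmail:{(context.User != null ? context.User.Email : "unknown")}")</message>
    </trace>
</inbound>
```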
In the API Settings tab, look for Diagnostics Logs => Application Insights and select the Enable checkbox. In the Destination dropdown, select your Application Insights resource and save.
Navigate to Application Insights => Transaction search and look for traces of API requests in the last 24 hours. In the traces, you will find all the details you added in the inbound policy.
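Beyond browsing individual traces in Transaction search, the same data can be summarized per user in the Application Insights Logs blade. The query below is an added example, not part of the original article. It assumes the classic Application Insights table names (traces, requests) and that the trace and request telemetry APIM emits for one call share the same operation_Id.

```kusto
// Added example (constructed for this article): per-user API activity built
// from the "userEmail:<value>" trace written by the inbound policy.
// Assumptions: classic Application Insights tables (traces, requests); the APIM
// trace and the request record for one call share the same operation_Id.
let lookback = 24h;
let userTraces =
    traces
    | where timestamp > ago(lookback)
    | where message has "userEmail"
    // Extract everything after the literal prefix emitted by the <trace> policy.
    | parse message with * "userEmail:" userEmail
    | extend userEmail = trim(@"\s", userEmail)
    | summarize userEmail = take_any(userEmail) by operation_Id;
requests
| where timestamp > ago(lookback)
| join kind=leftouter userTraces on operation_Id
// Requests with no matching trace (for example, the policy is not applied to
// that operation) are labelled so they are not mistaken for a real user.
| extend userEmail = iff(isempty(userEmail), "no-trace", userEmail)
| summarize calls = count(),
            failures = countif(toint(resultCode) >= 400),
            lastSeen = max(timestamp)
    by userEmail, apiOperation = name
| order by calls desc
```

Rows where userEmail is "unknown" are calls for which context.User was null in the policy; rows labelled "no-trace" are requests that never passed through it.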
Summary
In this article, we explored how to extend Azure API Management (APIM) Gateway with custom policies to improve user tracking and observability.
By combining APIM policies with Application Insights telemetry, you create a robust monitoring setup that allows you to trace user activity across every API call, troubleshoot issues quickly, and gain better insights into how APIs are being consumed.