Merge pull request #311007 from TimShererWithAquent/us543933-01

Freshness Edit: Azure API Management: Tutorial: Debug your APIs using request tracing

Author: v-regandowner

articles/api-management/api-management-howto-api-inspector.md

@@ -1,44 +1,44 @@
 ---
-title: Tutorial - Debug APIs in Azure API Management using request tracing
+title: "Tutorial: Debug APIs in Azure API Management using request tracing"
 description: Follow the steps of this tutorial to enable tracing and inspect request processing steps in Azure API Management.
 services: api-management
 author: dlepow
 ms.service: azure-api-management
 ms.topic: tutorial
-ms.date: 11/04/2024
+ms.date: 01/28/2026
 ms.author: danlep
 ms.custom:
   - devdivchpfy22
   - sfi-image-nochange
+#customer intent: As a developer who works with Azure API Management, I need to understand request tracing in order to troubleshoot APIs.
 ---
 
 # Tutorial: Debug your APIs using request tracing
 
 [!INCLUDE [api-management-availability-all-tiers](../../includes/api-management-availability-all-tiers.md)]
 
-This tutorial describes how to inspect (trace) request processing in Azure API Management. Tracing helps you debug and troubleshoot your API.
+This tutorial describes how to inspect, or *trace*, request processing in Azure API Management. Tracing helps you debug and troubleshoot your API.
 
 [!INCLUDE [api-management-workspace-try-it](../../includes/api-management-workspace-try-it.md)]
 
 In this tutorial, you learn how to:
 
 > [!div class="checklist"]
-> * Trace an example call in the test console
-> * Review request processing steps
-> * Enable tracing for an API
+> - Trace an example call in the test console
+> - Review request processing steps
+> - Enable tracing for an API
 
 :::image type="content" source="media/api-management-howto-api-inspector/api-inspector-002.png" alt-text="Screenshot showing the API inspector." lightbox="media/api-management-howto-api-inspector/api-inspector-002.png":::
 
 ## Prerequisites
 
-+ Learn the [Azure API Management terminology](api-management-terminology.md).
-+ Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).
-+ Complete the following tutorial: [Import and publish your first API](import-and-publish.md).
-
+- Learn the [Azure API Management terminology](api-management-terminology.md).
+- Complete the following quickstart: [Create an Azure API Management instance](get-started-create-service-instance.md).
+- Complete the following tutorial: [Import and publish your first API](import-and-publish.md).
 
 [!INCLUDE [api-management-tracing-alert](../../includes/api-management-tracing-alert.md)]
 
-## Trace a call in the portal
+## Trace a call in the Azure portal
 
 Follow these steps to trace an API request in the test console in the portal. This example assumes that you [imported](import-and-publish.md) a sample API in a previous tutorial. You can follow similar steps with a different API that you imported.
 
@@ -49,30 +49,28 @@ Follow these steps to trace an API request in the test console in the portal. Th
 1. Select the **Find pet by ID** operation.
 1. In the *petId* **Query parameter**, enter *1*.
 1. Optionally check the value for the **Ocp-Apim-Subscription-Key** header used in the request by selecting the "eye" icon.
-    > [!TIP]
-    > You can override the value of **Ocp-Apim-Subscription-Key** by retrieving a key for another subscription in the portal. Select **Subscriptions**, and open the context menu (**...**) for another subscription. Select **Show/hide keys** and copy one of the keys. You can also regenerate keys if needed. Then, in the test console, select **+ Add header** to add an **Ocp-Apim-Subscription-Key** header with the new key value.
 
-1. Select **Trace**. 
+   > [!TIP]
+   >
+   > You can override the value of **Ocp-Apim-Subscription-Key** by retrieving a key for another subscription in the Azure portal. Select **Subscriptions**, and open the context menu (**...**) for another subscription. Select **Show/hide keys** and copy one of the keys. You can also regenerate keys if needed. Then, in the test console, select **+ Add header** to add an **Ocp-Apim-Subscription-Key** header with the new key value.
 
+1. Select **Trace**. 
 
 ## Review trace information
 
 1. After the call completes, go to the **Trace** tab in the **HTTP response**.
-1. Select any of the following links to jump to detailed trace info: **Inbound**, **Backend**, **Outbound**, **On error**.
-
-     :::image type="content" source="media/api-management-howto-api-inspector/response-trace-1.png" alt-text="Review response trace":::
-
-    * **Inbound** - Shows the original request API Management received from the caller and the policies applied to the request. For example, if you added policies in [Tutorial: Transform and protect your API](transform-api.md), they appear here.
-
-    * **Backend** - Shows the requests API Management sent to the API backend and the response it received.
+1. Select any of the following links to jump to detailed trace information: **Inbound**, **Backend**, **Outbound**, **On error**.
 
-    * **Outbound** - Shows the policies applied to the response before sending back to the caller.
+   :::image type="content" source="media/api-management-howto-api-inspector/response-trace-1.png" alt-text="Screenshot showing the review response trace.":::
 
-    * **On error** - Shows the errors that occurred during the processing of the request and the policies applied to the errors.
-
-    > [!TIP]
-    > Each step also shows the elapsed time since the request is received by API Management.
+   - **Inbound**. Shows the original request API Management received from the caller and the policies applied to the request. For example, if you added policies in [Tutorial: Transform and protect your API](transform-api.md), they appear here.
+   - **Backend**. Shows the requests API Management sent to the API backend and the response it received.
+   - **Outbound**. Shows the policies applied to the response before sending back to the caller.
+   - **On error**. Shows the errors that occurred during the processing of the request and the policies applied to the errors.
 
+   > [!TIP]
+   >
+   > Each step also shows the elapsed time since API Management receives the request.
 
 ## Enable tracing for an API
 
@@ -86,79 +84,76 @@ The following high level steps are required to enable tracing for a request to A
 Detailed steps follow.
 
 > [!NOTE]
-> * These steps require API Management REST API version 2023-05-01-preview or later. You must be assigned the Contributor or higher role on the API Management instance to call the REST API.
-> * For information about authenticating to the REST API, see [Azure REST API reference](/rest/api/azure). 
+>
+> - These steps require API Management REST API version 2023-05-01-preview or later. You must be assigned the Contributor or higher role on the API Management instance to call the REST API.
+> - For information about authenticating to the REST API, see [Azure REST API reference](/rest/api/azure). 
 
-1. **Obtain a debug token** - Call the API Management gateway's [List debug credentials](/rest/api/apimanagement/gateway/list-debug-credentials) API. In the URI, enter "managed" for the instance's managed gateway in the cloud, or the gateway ID for a self-hosted gateway. For example, to obtain trace credentials for the instance's managed gateway, use a request similar to the following:
+1. **Obtain a debug token**. Call the API Management gateway's [List debug credentials](/rest/api/apimanagement/gateway/list-debug-credentials) API. In the URI, enter *managed* for the instance's managed gateway in the cloud, or the gateway ID for a self-hosted gateway. For example, to obtain trace credentials for the instance's managed gateway, use a request similar to the following example:
 
-    ```http
-    POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview
-    ```
+   ```http
+   POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview
+   ```
 
-    In the request body, pass the full resource ID of the API that you want to trace, and specify `purposes` as `tracing`. By default the token credential returned in the response expires after 1 hour, but you can specify a different value in the payload. Note that the expiry time is limited to a maximum of 1 hour. For example:
-
-    ```json
-    {
-        "credentialsExpireAfter": "PT1H",
-        "apiId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}",
-        "purposes": ["tracing"]
-    }
-    ```
+   In the request body, pass the full resource ID of the API that you want to trace. Specify `purposes` as `tracing`. By default, the token credential returned in the response expires after 1 hour. You can specify a different value in the payload. The expiry time is limited to a maximum of 1 hour. For example:
 
-    > [!NOTE]
-    > The `apiId` can only be pulled from the full resource ID, not the name displayed in the portal.
+   ```json
+   {
+       "credentialsExpireAfter": "PT1H",
+       "apiId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/apis/{apiId}",
+       "purposes": ["tracing"]
+   }
+   ```
 
-    Get apiId:
+   > [!NOTE]
+   > The `apiId` can only be pulled from the full resource ID, not the name displayed in the Azure portal.
 
+   Get apiId:
 
-    ```azurecli
-    az apim api list --resource-group <resource-group> --service-name <service-name> -o table
-    ```
+   ```azurecli
+   az apim api list --resource-group <resource-group> --service-name <service-name> -o table
+   ```
         
-    The debug credential is returned in the response, similar to the following:
+   The debug credential is returned in the response, similar to the following example:
 
-    ```json
-    {
-          "token": "aid=api-name&......."
-    }
-    ```
+   ```json
+   {
+         "token": "aid=api-name&......."
+   }
+   ```
 
-1. **Add the token value in a request header** - To enable tracing for a request to the API Management gateway, send the token value in an `Apim-Debug-Authorization` header. For example, to trace a call to the Petstore API that you imported in a previous tutorial, you might use a request similar to the following:
+1. **Add the token value in a request header**. To enable tracing for a request to the API Management gateway, send the token value in an `Apim-Debug-Authorization` header. For example, to trace a call to the Petstore API that you imported in a previous tutorial, you might use a request similar to the following example:
 
-    ```bash
-    curl -v https://apim-hello-world.azure-api.net/pet/1 HTTP/1.1 \
-        -H "Ocp-Apim-Subscription-Key: <subscription-key>" \
-        -H "Apim-Debug-Authorization: aid=api-name&......."
-    ```
+   ```bash
+   curl -v https://apim-hello-world.azure-api.net/pet/1 HTTP/1.1 \
+       -H "Ocp-Apim-Subscription-Key: <subscription-key>" \
+       -H "Apim-Debug-Authorization: aid=api-name&......."
+   ```
 
-1. **Evaluate the response** - The response can contain one of the following headers depending on the state of the debug token:
-    * If the debug token is valid, the response includes an `Apim-Trace-Id` header whose value is the trace ID, similar to the following:
+1. **Evaluate the response**. The response can contain one of the following headers depending on the state of the debug token:
 
-        ```http
-        Apim-Trace-Id: 0123456789abcdef....
-        ```
-        
-    * If the debug token is expired, the response includes an `Apim-Debug-Authorization-Expired` header with information about expiration date.
-    * If the debug token was obtained for a different API, the response includes an `Apim-Debug-Authorization-WrongAPI` header with an error message.
+   | Header in response | Explanation | 
+   |:-------------------|:------------|
+   | `Apim-Trace-Id`                     | Debug token valid. The value is the trace ID, such as: `Apim-Trace-Id: 0123456789abcdef....` |
+   | `Apim-Debug-Authorization-Expired`  | Token is expired. Header includes information about expiration date. |
+   | `Apim-Debug-Authorization-WrongAPI` | Token obtained for a different API. Header includes an error message. |
 
-1. **Retrieve the trace** - Pass the trace ID obtained in the previous step to the gateway's [List trace](/rest/api/apimanagement/gateway/list-trace) API. For example, to retrieve the trace for the managed gateway, use a request similar to the following:
+1. **Retrieve the trace**. Pass the trace ID obtained in the previous step to the gateway's [List trace](/rest/api/apimanagement/gateway/list-trace) API. For example, to retrieve the trace for the managed gateway, use a request similar to the following example:
 
-    ```http
-    POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listTrace?api-version=2023-05-01-preview
-    ```
+   ```http
+   POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/gateways/managed/listTrace?api-version=2023-05-01-preview
+   ```
 
-    In the request body, pass the trace ID obtained in the previous step.
+   In the request body, pass the trace ID obtained in the previous step.
 
-    ```json
-    {
-        "traceId": "0123456789abcdef...."
-    }
-    ```
+   ```json
+   {
+       "traceId": "0123456789abcdef...."
+   }
+   ```
 
-    The response body contains the trace data for the previous API request to the gateway. The trace is similar to the trace you can see by tracing a call in the portal's test console.
+   The response body contains the trace data for the previous API request to the gateway. The trace is similar to the trace you can see by tracing a call in the portal's test console.
 
-
-### Example `.http` file for VS Code REST Client extension
+### Example http file for VS Code REST Client extension
 
 To help automate these steps with the [Visual Studio Code REST Client](https://marketplace.visualstudio.com/items?itemName=humao.rest-client) extension, you can use the following example `.http` file:
 
@@ -224,14 +219,16 @@ Content-Type: application/json
 
 For information about customizing trace information, see the [trace](trace-policy.md) policy.
 
-## Next steps
+## Summary
 
 In this tutorial, you learned how to:
 
 > [!div class="checklist"]
-> * Trace an example call in the test console
-> * Review request processing steps
-> * Enable tracing for an API
+> - Trace an example call in the test console
+> - Review request processing steps
+> - Enable tracing for an API
+
+## Next step
 
 Advance to the next tutorial:
 

articles/api-management/media/api-management-howto-api-inspector/api-inspector-002.png

@@ -2,10 +2,10 @@
 author: dlepow
 ms.service: azure-api-management
 ms.topic: include
-ms.date: 11/04/2024
+ms.date: 01/28/2026
 ms.author: danlep
 ---
 > [!IMPORTANT]
-> * API Management no longer supports subscriptions for tracing or the **Ocp-Apim-Trace** header.
-> * To improve API security, tracing can now be enabled at the level of an individual API by obtaining a time-limited token using the API Management REST API, and passing the token in a request to the gateway. For details, see [Enable tracing of an API](../articles/api-management/api-management-howto-api-inspector.md#enable-tracing-for-an-api).
-> * Take care when enabling tracing, as it can expose sensitive information in the trace data. Ensure that you have appropriate security measures in place to protect the trace data.
+> - API Management no longer supports subscriptions for tracing or the **Ocp-Apim-Trace** header.
+> - To improve API security, tracing can now be enabled at the level of an individual API. Obtain a time-limited token using the API Management REST API, and pass the token in a request to the gateway. For details, see [Enable tracing of an API](../articles/api-management/api-management-howto-api-inspector.md#enable-tracing-for-an-api).
+> - Take care when enabling tracing. It can expose sensitive information in the trace data. Ensure that you have appropriate security measures in place to protect the trace data.