APIM

Follow the steps below to enable and retreive debug logging from a specific APIM resource.

First retrieve an access token. This can be done by de following PowerShell commands (cloud shell):

[az login]
az account set --subscription {subscription-id)
az account get-access-token

You can also use the folowing command to retrieve a list of apiIds so you can past the specific apiId path directly into the apiId key in the body.

az apim api list --resource-group {resource-group-name} --service-name {apim-service-name} --query "[].{Name:displayName, apiId:id}" -o table

Retrieve debug credentials by doing below HTTP POST.

POST https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/gateways/managed/listDebugCredentials?api-version=2023-05-01-preview HTTP/1.1
Content-Type: application/json
Authorization: Bearer {access-token}

{
    "credentialsExpireAfter": "PT1H",
    "apiId": "/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/apis/{api-name}",
    "purposes": ["tracing"]
}

Copy the token from the reponse and add it as a header value (Apim-Debug-Authorization) in the specific api-call where you want the debugging to take place…

GET https://example.com/rest/api HTTP/1.1
Apim-Debug-Authorization: aid=api-name...

In the header value of the response from the specific api there should also be a header value (Apim-Trace-Id) which you can use to retrieve the trace.

POST https://management.azure.com/subscriptions{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.ApiManagement/service/{apim-service-name}/gateways/managed/listTrace?api-version=2023-05-01-preview HTTP/1.1
Content-Type: application/json
Authorization: Bearer {access-token}

{ "traceId": "{apim-trace-id}" }