Tracing request in Azure API Management

Azure API Management (API-M) is an API Gateway solution.

It is quite easy to create an API in API-M, connect it to a back-end API and test it in the portal.

What happen when you test it from another client platform (e.g. Postman) and it fails? You have no visibility into what failed.

Maybe you did put authentication logic in and the client fails to pass, but you do not know which policy is failing and why.

In this article, we’ll see how we can use tracing to see exactly what we would see in the Portal experience.

This article is an extension to the online article about API debugging.

There is no code for this article. It is that simple!

A simple API

Let’s take a simple API: the Echo API. This API comes with any API-M sku.

For the purpose of this article, we can simply create a Developer SKU API-M.

Let’s open the APIs pane, select the Echo API api, the one-before-the-last-one operation (i.e. the first GET Retrieve resource) and the Test tab.

Portal test

We should see the Request URL. In our case the value is

Let’s copy that value.

If we press the Send button, the Portal will initiate a test request. We should quickly see the result coming by. If we then select the Trace tab, we should see the traces we are after.

Trace Portal

This is what we want to replicate outside the Portal.

Calling the API from postman (or any client)

Here we’ll do a call from Postman. This can easily be done with other tools, e.g. Fiddler, or custom applications.

First, we’ll need a subscription key in order to use the API. For that, let’s go to the Subscriptions pane, select the ellipse (i.e. …) on the right to the first product (Starter) and select Show/hide keys.


From there we can copy the Primary key.

We can now open Postman.

We will select the GET HTTP method. We will paste the URL we picked in the last section (in our case

We will then select the Headers tab. We will add an header with the key Ocp-Apim-Subscription-Key and the value of the subscription key we just copied. This is how we pass the subscription key to a request.

Headers in Postman

If we click send, Postman is going to send the HTTPS request to Azure API Management.

If we then select the Headers in the response:

Response headers

We can see what API Management responded. Nothing very exciting, but the request was a success (i.e. 200 OK).

Activating the Tracing

Although the call was successful, there is no way to see what happened inside API Management. We can’t know which policy was fired and how they transformed the request.

For that, let’s activate tracing.

This is quite easy. Let’s add an header on the request with key Ocp-Apim-Trace and value true.

That’s it.

If we send that request now, we should receive a very similar response, except we now have an header Ocp-Apim-Trace-Location in the response:

Response header with tracing

The value of that header is a URL pointing to a blob in some blob storage.

Accessing traces

Let’s copy paste that URL in a browser.


This is a JSON payload with all the tracing.

We can expend it in a JSON editor to more easily read it.

  "traceId": "922d3b8d298b4978b990e3ef515925b2",
  "traceEntries": {
    "inbound": [
        "source": "api-inspector",
        "timestamp": "2019-11-12T18:45:18.0140706Z",
        "elapsed": "00:00:00.0002718",
        "data": {
          "request": {
            "method": "GET",
            "url": "",
            "headers": [
                "name": "Ocp-Apim-Subscription-Key",
                "value": "f6048eafa32e4bfc9d09eae7d723fb3d"
                "name": "Postman-Token",
                "value": "2569f3ad-83e9-485b-b90d-095a8c03d670"
                "name": "Cache-Control",
                "value": "no-cache"

We find the exact same information we were finding in the Portal.


We saw how to use Request Tracing outside of the Azure Portal.

Although the API we used was trivial and had no policy, the same method could be applied to a more complex API.

Adding an HTTP Header is all we need to be returned the tracing information.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s