Skip to content

Add a request correlation ID header to apiRequest for end-to-end traceability #310

Description

@Jagadeeshftw

📌 Description

apiRequest in src/shared/api/client.ts sends no correlation/trace header, so a failing request cannot be matched to a backend log line. Attach an X-Request-Id header (a crypto.randomUUID() per request) to every call and include that id in the thrown error and any logger.error, so support can trace a user-reported failure across the stack.

💡 Why it matters: Correlation IDs turn "the page errored" reports into pinpointed backend log lookups.

🧩 Requirements and context

  • Generate a UUID per request (guard for environments lacking crypto.randomUUID).
  • Send it as X-Request-Id.
  • Attach the id to thrown errors and to logger.error calls.
  • Do not override a caller-supplied X-Request-Id.
  • Document the header in API_INTEGRATION.md.

Non-functional requirements

  • Must be secure, tested, and documented.
  • Should be efficient and easy to review.

🛠️ Suggested execution

1. Fork the repo and create a branch

git checkout -b feat/api-request-id

2. Implement changes

  • Write/modify the relevant source: src/shared/api/client.ts
  • Write comprehensive tests: src/shared/api/client.test.ts
  • Add documentation: API_INTEGRATION.md
  • Include TSDoc doc comments
  • Validate security assumptions: id is random, contains no PII

3. Test and commit

  • Run tests:
npm test -- client
  • Cover edge cases: caller-supplied id preserved, missing crypto fallback
  • Include test output and security notes in the PR description.

Example commit message

feat(observability): attach X-Request-Id to api requests

✅ Acceptance criteria

  • Every request sends X-Request-Id
  • Caller-supplied id is preserved
  • Errors and logs include the id
  • Fallback when crypto.randomUUID is unavailable

🔒 Security notes

The id must be random and PII-free; never derive it from the JWT or user id.

📋 Guidelines

  • Minimum 95% test coverage
  • Clear documentation
  • Timeframe: 96 hours

Metadata

Metadata

Assignees

Labels

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions