Skip to main content
TrueFoundry AI Gateway allows you to control which requests are logged.

Controlling Request Logging

Using HTTP Headers

To enable logging for a specific request, include the X-TFY-LOGGING-CONFIG header: 
{
  "enabled": true
}
To disable logging for a specific request, set: 
{
  "enabled": false
}
To log in custom tracing projects, set: 
{
  "enabled": true, "tracing_project_fqn": "your_tracing_project_fqn"
}

Using Environment Variables

Environment variable configuration is only available when running a self-hosted instance of TrueFoundry AI Gateway
You can also control logging behavior globally by setting the REQUEST_LOGGING_MODE environment variable in the AI Gateway:
ModeDescription
HEADER_CONTROLLEDLogging depends on the enabled value in the X-TFY-LOGGING-CONFIG header. If the header is absent or set to true, logging will occur. If set to false, no logging will happen.
ALWAYSAll requests are logged regardless of the enabled value.
NEVERNo requests are logged regardless of the enabled value.

Viewing Request Logs

You can view all logged requests in the TrueFoundry UI. Go to AI Gateway > Monitor > Requests
Screenshot showing the request logs interface with timestamps, models, and status information

Request logs in the Monitor section

Code Example

from openai import OpenAI

BASE_URL = "https://{controlPlaneUrl}/api/llm"
API_KEY = "your-truefoundry-api-key"

client = OpenAI(
    api_key=API_KEY,
    base_url=BASE_URL,
    default_headers={
        "X-TFY-LOGGING-CONFIG": '{"enabled": true}'
    }
)

Role-Based Access Control (RBAC) for Request Logs

TrueFoundry AI Gateway logs request logs using tracing. To implement Role-Based Access Control (RBAC) on request logs, you need to create tracing projects and provide appropriate access to those tracing projects.

Overview

When you enable request logging in the AI Gateway, the logs are stored as traces in TrueFoundry’s tracing system. To control who can access these request logs, you need to:
  1. Create a tracing project with appropriate collaborators
  2. Use the tracing project FQN in your logging headers
  3. Manage user permissions through the tracing project’s RBAC settings

Creating a Tracing Project

To set up RBAC for request logs, you first need to create a tracing project:
1

Navigate to Tracing

  • Go to your TrueFoundry dashboard Control Plane section
  • Navigate to the Tracing Projects section
2

Create New Tracing Project

  • Click New Tracing Projects
  • Enter the project name
  • Configure collaborators with appropriate roles (Admin, Editor, or Viewer)
  • Click Submit

Creating tracing projects with collaborators

3

Get Tracing Project FQN

After creating the tracing project, you’ll receive a Fully Qualified Name (FQN). This FQN will be used in your request logging configuration.

Using Tracing Project FQN for Request Logging

Once you have created a tracing project, you can use its FQN to control where request logs are stored. For example, specify the tracing project FQN in your logging header like below: 
curl --location 'https://<your_control_plane_url>/api/llm/chat/completions' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <YOUR_API_KEY>' \
--header 'X-TFY-LOGGING-CONFIG: {"enabled": true, "tracing_project_fqn":"your_tracing_project_fqn"}' \
--data '{
    "model": "openai-main/gpt-4",
    "messages": [
        {
            "role": "user",
            "content": "Hi"
        }
    ]
}'
Replace <YOUR_API_KEY> with your issued API Key, and use your tracing project FQN in place of the example if needed. If you don’t specify a tracing_project_fqn in your logging configuration, request logs are automatically published to the default tracing project. Access control for the default tracing project works as follows:
  • Tenant Admins can fetch and view all data published to the default tracing project
  • Individual Users can fetch and view only their own data in the default tracing project
This ensures users have privacy over their own request logs, while tenant administrators retain visibility into all logging activity within their organization. If you specify a tracing_project_fqn in your logging configuration but don’t have write access to the project or the tracing project has been deleted, your spans will be dropped.

Tracing Project Roles and Permissions

TrueFoundry tracing projects support three main roles that control access to request logs:
  • Tracing Project Admin
  • Tracing Project Editor
  • Tracing Project Viewer
Full Control Access
PermissionAccess
View Tracing Project
Delete Tracing Project
Manage Collaborators
View All Traces/Logs
Publish Traces/Logs
Tracing Project Admins have complete control over the project, including the ability to manage other users’ access and delete the entire project.
I