Controlling Request Logging
Using HTTP Headers
To enable logging for a specific request, include theX-TFY-LOGGING-CONFIG
header:
Using Environment Variables
Environment variable configuration is only available when running a self-hosted instance of TrueFoundry AI Gateway
REQUEST_LOGGING_MODE
environment variable in the AI Gateway:
Mode | Description |
---|---|
HEADER_CONTROLLED | Logging depends on the enabled value in the X-TFY-LOGGING-CONFIG header. If the header is absent or set to true , logging will occur. If set to false , no logging will happen. |
ALWAYS | All requests are logged regardless of the enabled value. |
NEVER | No requests are logged regardless of the enabled value. |
Viewing Request Logs
You can view all logged requests in the TrueFoundry UI. Go toAI Gateway
> Monitor
> Requests

Request logs in the Monitor section
Code Example
Role-Based Access Control (RBAC) for Request Logs
TrueFoundry AI Gateway logs request logs using tracing. To implement Role-Based Access Control (RBAC) on request logs, you need to create tracing projects and provide appropriate access to those tracing projects.Overview
When you enable request logging in the AI Gateway, the logs are stored as traces in TrueFoundry’s tracing system. To control who can access these request logs, you need to:- Create a tracing project with appropriate collaborators
- Use the tracing project FQN in your logging headers
- Manage user permissions through the tracing project’s RBAC settings
Creating a Tracing Project
To set up RBAC for request logs, you first need to create a tracing project:1
Navigate to Tracing
- Go to your TrueFoundry dashboard
Control Plane
section - Navigate to the Tracing Projects section
2
Create New Tracing Project
- Click New Tracing Projects
- Enter the project name
- Configure collaborators with appropriate roles (Admin, Editor, or Viewer)
- Click Submit

Creating tracing projects with collaborators
3
Get Tracing Project FQN
After creating the tracing project, you’ll receive a Fully Qualified Name (FQN).
This FQN will be used in your request logging configuration.
Using Tracing Project FQN for Request Logging
Once you have created a tracing project, you can use its FQN to control where request logs are stored. For example, specify the tracing project FQN in your logging header like below:<YOUR_API_KEY>
with your issued API Key, and use your tracing project FQN in place of the example if needed.
If you don’t specify a tracing_project_fqn in your logging configuration, request logs are automatically published to the default tracing project.
Access control for the default tracing project works as follows:
- Tenant Admins can fetch and view all data published to the default tracing project
- Individual Users can fetch and view only their own data in the default tracing project
tracing_project_fqn
in your logging configuration but don’t have write access to the project or the tracing project has been deleted, your spans will be dropped.
Tracing Project Roles and Permissions
TrueFoundry tracing projects support three main roles that control access to request logs:- Tracing Project Admin
- Tracing Project Editor
- Tracing Project Viewer
Full Control Access
Permission | Access |
---|---|
View Tracing Project | |
Delete Tracing Project | |
Manage Collaborators | |
View All Traces/Logs | |
Publish Traces/Logs |
Tracing Project Admins have complete control over the project, including the ability to manage other users’ access and delete the entire project.