Dotkernel API has received a lot of love from our developers, with regular updates to the platform for years. We use Dotkernel API in our projects, so any bugs and issues are addressed as soon as they are found. Still, it’s not unlikely that some hidden issues remain in fringe use cases that we simply haven’t explored. The occurrence of bugs increases when the API is used in a complex frontend project.
Fatal errors are easily found in the API logs, but it’s another matter altogether to deal with incorrect data processing that doesn’t generate errors in the frontend that interfaces with the API. The error reporting endpoint was designed to allow the frontend developers of your API to report any bugs they encounter in a secure way that is fully under your control.
Example case usage
- Frontend developed in Angular.
- Frontend developer will use try-catch in the code in order to send frontend errors back to the API.
How to use it on the API side
Error reporting is done by sending a POST request to the /error-report endpoint, together with a token in the header. In the sections below we will detail how to configure error reporting in your API and how the endpoint is used by the frontend developers.
Generating a token and adding it to your API config
First you need to generate a token for your request. This is done by using the below command.
php ./bin/cli.php token:generate error-reporting
The resulting token has this format 0123456789abcdef0123456789abcdef01234567.
Note: this example is provided just to let you know what to look for.
Copy the generated token in your config/autoload/error-handling.global.php file. It should look similar to the example below. Your API can have multiple tokens, if needed.
return [
...
ErrorReportServiceInterface::class => [
...
'tokens' => [
'0123456789abcdef0123456789abcdef01234567',
],
...
]
]
Validation mechanism
Behind the scenes, the API validates your configuration and lets you know if any config items prevent the submission of the error report. Below are the requirements for an application to be able to send error messages to Dotkernel API.
- Server-side requirements stored in
config/autoload/error-handling.global.php(these can be set/overwritten in `config/autoload/local.php`):- All keys (
enabled,path,tokens,domain_whitelistandip_whitelist) must exist underErrorReportServiceInterface::class. - The error reporting feature must be enabled by setting
ErrorReportServiceInterface::class.enabledtotrue. ErrorReportServiceInterface::class.pathmust have a value; if the destination file does not exist, it will be created automatically.ErrorReportServiceInterface::class.tokensmust contain at least one token.- At least one of
ErrorReportServiceInterface::class.domain_whitelist/ip_whitelistmust have at least one value.
- All keys (
Note: In src/App/src/Service/ErrorReportService.php, the method checkRequest() tries to validate the request by checking matches for domain_whitelist with isMatchingDomain() and for ip_whitelist with isMatchingIpAddress().
If both return false, a ForbiddenException is thrown and the error message does not get stored.
- Application-side requirements:
- Send the
Error-Reporting-Tokenheader with a valid token previously stored inconfig/autoload/error-handling.global.phpin theErrorReportServiceInterface::class.tokensarray. - Send the
Originheader set to the application’s URL; this is the application that sends the error message.
- Send the
Note:
- The tokens under
ErrorReportServiceInterface::class.tokensdo not expire. - The log file stores the token value too, making it easy to identify which application sent the error message.
If your request passes all the checks, the message is saved in the log file specified in ErrorReportServiceInterface::class . path.
Tips and tricks
If there are multiple applications that report errors to your API, you can assign a different error reporting token for each. The tokens support key-value pairs where:
- The key is an alias relevant to the assigned application that uses it.
- The value is the token itself.
Example:
// ...
return [
...
ErrorReportServiceInterface::class => [
// ...
'tokens' => [
'frontend' => '0123456789abcdef0123456789abcdef01234567',
'admin' => '9876543210abcdef0123456789abcdef7654321',
// other tokens
],
],
];
The log file will have entries similar to the below:
[2024-08-29 12:47:00] [0123456789abcdef0123456789abcdef01234567] Demo error message
The inclusion of the token helps you identify the source of the error message. In our example, it’s the application that uses the 0123456789abcdef0123456789abcdef01234567 token, which is assigned to the application frontend.
How to use it on the Frontend side (Angular example)
The API developer sends a generated token to the frontend developer who will save it in their environment.staging.ts and/or environment.prod.ts. From then on, it’s the frontend developer’s job to set up an error reporting function similar to the one below.
postError(body: object): Promise<any> {
return new Promise((resolve, reject) => {
return this.http.post(API_ENDPOINT + 'error-report', body , {headers: new HttpHeaders({'Error-Reporting-Token': 'TOKEN', 'Origin': 'https://example.com'})})).subscribe({
next: (response: any) => {
resolve(response);
},
error: (e: HttpErrorResponse) => reject(e),
complete: () => console.info('Error on sending error'),
});
});
}
Whenever an error is found, the frontend will call postError() with a relevant description under message.
apiService.postError({message: 'ERROR MESSAGE'})
Conclusion
The error reporting feature in Dotkernel API is a secured and highly configurable tool for users of your API to report any unwanted behavior. More often than not, a detailed error report will help developers understand how to replicate the issue and fix it in due course.
This article is also included in the full API documentation https://docs.dotkernel.org/api-documentation/v5/core-features/error-reporting.
Looking for PHP, Laminas or Mezzio Support?
As part of the Laminas Commercial Vendor Program, Apidemia offers expert technical support and services for:
Leave a Reply