2 min read
Capture the right fields
For each call, log the method, path, status, latency and any request/correlation ID the response carries — that ID is what Credicorp support will ask for. Record the RateLimit-Remaining so you can chart how close you run to the wall. Do not log the bearer token or client secret; redact them.
Alert on the signals that matter
Set alerts on rising 5xx or 429 rates (a sign you are being throttled — revisit back-off), on climbing latency, and on webhook processing lag. A 429 spike often means you have outgrown your tier or lost your caching.
Trace across the webhook boundary
Correlate the outbound application call with the inbound decision webhook using the resource ID, so you can trace a case end to end. This is what lets you answer 'where did this application get stuck?' quickly.
Frequently asked questions
What is the single most useful thing to log?
The request/correlation ID the API returns, alongside status and latency. It lets you and Credicorp support trace a specific call, and it ties an outbound request to its later webhook.
What must I never log?
Bearer tokens and the client secret. Redact them from request logs and error reports — a leaked token in a log is as dangerous as one in code.
Funding for UK limited companies
Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.
