Recipe

Log and observe your API calls

Instrument every call: capture the request ID, record RateLimit headers, redact secrets, and alert on error-rate and latency. Good observability turns a silent regression into an early warning.

2 min read

Request IDCorrelate
RateLimit-*Track budget
RedactNever log tokens

Capture the right fields

For each call, log the method, path, status, latency and any request/correlation ID the response carries — that ID is what Credicorp support will ask for. Record the RateLimit-Remaining so you can chart how close you run to the wall. Do not log the bearer token or client secret; redact them.

Alert on the signals that matter

Set alerts on rising 5xx or 429 rates (a sign you are being throttled — revisit back-off), on climbing latency, and on webhook processing lag. A 429 spike often means you have outgrown your tier or lost your caching.

Trace across the webhook boundary

Correlate the outbound application call with the inbound decision webhook using the resource ID, so you can trace a case end to end. This is what lets you answer 'where did this application get stuck?' quickly.

Frequently asked questions

What is the single most useful thing to log?

The request/correlation ID the API returns, alongside status and latency. It lets you and Credicorp support trace a specific call, and it ties an outbound request to its later webhook.

What must I never log?

Bearer tokens and the client secret. Redact them from request logs and error reports — a leaked token in a log is as dangerous as one in code.

Funding for UK limited companies

Credicorp lends to your company, not to you personally — short-term working capital with no personal guarantee. See what your business could access.