Monitoring

We use azure monitor and in particular application insights to monitor our production systems.
Our applications logs are ingested, as well as requests, exceptions and dependency calls.
This means that we can tell how long requests take in our systems and how long each of the individual dependencies (e.g. database interactions) take.

Logging requests with individual clients

All HMPPS Auth tokens contain a client_id and optionally a user_name.
Each frontend application / service is issued with a different client_id so therefore this will uniquely identify a client.
For system to system interaction the user_name will normally be empty.
Both should then be included as extra attributes in the request logging so that clients can be identified and therefore we can track what clients are calling what endpoints and how often.

Correlating requests

We confirm to W3C tracing guidelines.
This means that we accept a traceparent header which can then be used to correlate requests across all applications and to identify a user’s journey through the application stack.

Application version

All our requests are also augmented with the current version of the application to help identify when issues first occurred and link back to the correct code.
This is of format <date>.<circleci job number>.<github reference> so can be traced back not only to the circleci job that built the code, but also the github commit of the code.

_{This page was last reviewed on 04-Sep-2024, next review will be on 04-Dec-2024.}