Weave Code
Laravel Spy Laravel Package
farayaz/laravel-spy
Zero-config Laravel package to spy on outgoing HTTP calls. Automatically logs Laravel Http facade and Guzzle requests with URL, method, headers, payload, response/status, and duration. Includes configurable logging and obfuscation for sensitive data.
Product Decisions This Supports
- Debugging & Observability: Accelerates resolution of API-related issues by providing granular logs of outgoing HTTP requests, including payloads, responses, and timing. Ideal for debugging third-party integrations (e.g., payment gateways, SaaS APIs) without manual instrumentation.
- Security & Compliance: Enables auditing of external API calls to meet regulatory requirements (e.g., GDPR, PCI-DSS) by logging sensitive data with configurable obfuscation. Helps track exposure of PII or tokens in API requests/responses.
- Performance Optimization: Identifies slow or failing external dependencies by logging response times and status codes, informing infrastructure decisions (e.g., caching, retries, or switching providers).
- Cost Management: Tracks API usage patterns (e.g., rate limits, unexpected calls) to optimize budgets for paid services (e.g., AWS, Stripe, Twilio). Flags anomalies like excessive API calls or misconfigured endpoints.
- Roadmap Justification: Provides data to prioritize internal API improvements or middleware (e.g., "80% of our API failures stem from X provider"). Validates investment in internal tools by quantifying pain points.
- Build vs. Buy: Avoids reinventing HTTP logging infrastructure; lightweight alternative to custom solutions or paid tools (e.g., Postman Interceptor, commercial APM tools).
- Use Cases:
- Debugging flaky third-party integrations (e.g., payment processors, webhooks).
- Post-mortems for outages caused by external dependencies.
- Monitoring internal API clients or microservices.
- Compliance audits for data leakage or unauthorized API calls.
- Cost analysis for API-heavy features (e.g., "This feature costs $X/month in API calls").
When to Consider This Package
-
Adopt if:
- Your Laravel application makes frequent or critical external API calls (e.g., 3+ integrations with high impact).
- Debugging HTTP issues is a bottleneck (e.g., >20% of support tickets or incident reports).
- You lack centralized logging for API traffic (e.g., no ELK/Logstash setup or custom solution).
- Compliance or security requirements mandate auditing external requests (e.g., financial, healthcare, or high-risk data).
- Your team lacks time/resources to build and maintain a custom HTTP logging solution.
- You need quick wins for observability without significant upfront effort.
-
Look elsewhere if:
- You require real-time monitoring or alerts (this is for logging; pair with Laravel Horizon or a dedicated APM tool).
- You need request/response transformation (e.g., masking tokens dynamically; use middleware or a proxy like WireMock).
- Your stack uses non-Laravel HTTP clients (e.g., standalone Guzzle, cURL, or non-PHP clients; integrate via custom middleware).
- You need advanced analytics (e.g., SLA tracking, correlation IDs, or distributed tracing; use Prometheus, Grafana, or OpenTelemetry).
- Your team prefers zero-dependency solutions (this adds a package; evaluate trade-offs for greenfield projects).
- You already have a mature logging/observability stack (e.g., structured logging with ELK or Datadog) that can handle HTTP traffic.
How to Pitch It (Stakeholders)
For Executives: *"Laravel Spy is a lightweight, zero-cost tool that provides visibility into our external API traffic—like a black-box recorder for HTTP calls. It’ll help us:
- Reduce debugging time by 30–50% for API-related issues (e.g., payment failures, webhook delays).
- Cut support costs by identifying root causes of flaky integrations faster.
- Avoid compliance risks by auditing external requests for sensitive data leaks.
- Optimize API spend by tracking usage patterns and spotting cost anomalies. For the price of a developer’s lunch, we get a tool that’s already used by [X] teams to solve [Y] problem. Let’s pilot it on our [high-impact integration] to prove the value."*
For Engineering Leaders: *"This package solves a common pain point: debugging external APIs is a nightmare. Here’s why it’s worth adopting:
- 5-minute setup: Just
composer requireand configure—no custom code needed. - Works out of the box: Logs Laravel HTTP client and Guzzle requests/responses with zero effort.
- Protects sensitive data: Configurable obfuscation masks tokens, passwords, or PII in logs.
- Future-proof: Supports Laravel 10–13 and integrates with existing logging drivers (e.g., Monolog).
- Low risk: MIT-licensed, actively maintained, and used by [X] teams. Trade-off: Adds a lightweight dependency (~500 LOC), but saves 10x more time than rolling our own solution. Let’s test it on [critical integration] first."*
For Developers:
*"No more dd()-ing API responses or guessing why a POST to Stripe failed. Laravel Spy gives you:
- Automatic logging of all HTTP requests (Laravel HTTP client + Guzzle).
- Rich details: URL, method, headers, payload, response, and timing—all in one place.
- No boilerplate: Just install, and start debugging. Example:
Http::post('https://api.stripe.com/charges', $data); // → Logs to `http_logs` table with full request/response. - Customizable: Exclude URLs, obfuscate sensitive fields, or limit log size. Downside: Adds a package, but it’s 10x faster than writing your own logger. Let’s use it for [specific use case] and see how it feels!"*
Weaver
How can I help you explore Laravel packages today?