Even with Allow tracing disabled I get de Opc-Apim-Trace-location in response header

AZ_Ferran Rubio Llovich 0 Reputation points
2023-07-07T09:40:48.81+00:00

Hi

We have APIs using a subscription with Allow Tracing disabled (all the subscriptions have tracing disabled). The owner of the Subscription is not the Administrator.

However, from Postman, when I make a call to any API with this subscription, If I add the request header Ocp-Apim-Trace with the value "true" then we can see that response includes the OCP-Apim-Trace-Location header, and we need to avoid this.

We want to avoid this beacuse this is only intended for debug purposes and we don't want to expose this information. Following the documentation we think we have the configuration as expected so only Disabling the tracing of the subscription sholuld be enouhg.

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,262 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,042 questions
{count} votes

1 answer

Sort by: Most helpful
  1. navba-MSFT 27,340 Reputation points Microsoft Employee
    2023-07-10T12:39:38.7633333+00:00

    @AZ_Ferran Rubio Llovich Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    I understand that the OCP-Apim-Trace-Location response header is present even when the Allow Tracing option is disabled for that subscription.

    I am unable to reproduce this issue at my end. This issue requires some isolation.

    1. Could you please check if the Tracing is enabled at the Product level ?
      User's image
    2. Could you please try creating a new subscription (with AllowTracing Disabled) and associate it with a product / API and check if the issue happens on that too?
    3. Could you try creating a new API altogether and try this newly created subscription key and check if this issue occurs on that?
    4. Could you please try with Ocp-Apim-Trace to False and confirm if the Trace Location response is still returned? Then send subsequent requests with Ocp-Apim-Trace as True and validate again.
    5. Please confirm if there aren't any caching policies configured for that API.

    Awaiting your reply.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.