Request Data Integration

The Request Data integration automatically attaches HTTP request information to error events in Node.js and server-side environments.

Installation

This integration is enabled by default in Node.js SDKs.

import * as Sentry from '@sentry/node';

Sentry.init({
  dsn: 'your-dsn',
  // requestDataIntegration is included by default
});

What Data Is Captured

By default, the integration captures:

HTTP Method: GET, POST, PUT, etc.
URL: Request URL
Headers: All HTTP headers
Cookies: Request cookies
Query String: URL parameters
Request Body: POST/PUT data
IP Address: Client IP (requires sendDefaultPii: true)

Configuration

Default Configuration

All data except IP addresses is captured by default:

Sentry.init({
  dsn: 'your-dsn',
  integrations: [
    Sentry.requestDataIntegration({
      include: {
        cookies: true,
        data: true,
        headers: true,
        query_string: true,
        url: true,
        ip: false, // Requires sendDefaultPii: true
      },
    }),
  ],
});

Selective Data Capture

Control which data is included:

Sentry.init({
  dsn: 'your-dsn',
  integrations: [
    Sentry.requestDataIntegration({
      include: {
        url: true,
        headers: true,
        query_string: false, // Don't include query params
        data: false,         // Don't include body
        cookies: false,      // Don't include cookies
      },
    }),
  ],
});

Capturing IP Addresses

IP addresses are only captured when sendDefaultPii is enabled:

Sentry.init({
  dsn: 'your-dsn',
  sendDefaultPii: true, // Required for IP capture
  integrations: [
    Sentry.requestDataIntegration({
      include: {
        ip: true,
      },
    }),
  ],
});

Configuration Options

include

object

Controls what data is captured from requests

Show properties

url

boolean

default:"true"

Include request URL

headers

boolean

default:"true"

Include HTTP headers

boolean

default:"true"

Include request cookies

query_string

boolean

default:"true"

Include URL query parameters

data

boolean

default:"true"

Include request body data

boolean

default:"false"

Include client IP address (requires sendDefaultPii: true)

Request Data in Events

Captured data appears in the event’s request property:

{
  request: {
    method: 'POST',
    url: 'https://example.com/api/users',
    query_string: 'page=1&limit=10',
    headers: {
      'content-type': 'application/json',
      'user-agent': 'Mozilla/5.0...',
      'x-api-key': '[Filtered]',
    },
    cookies: {
      session_id: '[Filtered]',
      preferences: 'dark-mode',
    },
    data: {
      username: 'john_doe',
      email: '[email protected]',
    },
  },
  user: {
    ip_address: '192.168.1.1', // Only if sendDefaultPii: true
  },
}

IP Address Detection

The integration checks these headers for client IP (in order):

x-forwarded-for
x-real-ip
x-client-ip
cf-connecting-ip (Cloudflare)
true-client-ip (Cloudflare Enterprise)
x-cluster-client-ip
forwarded
Socket remote address

// Headers checked (from packages/core/src/vendor/getIpAddress.ts)
const ipHeaderNames = [
  'x-forwarded-for',
  'x-real-ip',
  'x-client-ip',
  'cf-connecting-ip',
  'true-client-ip',
  'x-cluster-client-ip',
  'forwarded',
];

Privacy Considerations

Be careful about sensitive data in requests. Use beforeSend to scrub sensitive information.

Excluding Sensitive Headers

Sentry automatically filters common sensitive headers, but you can add more:

Sentry.init({
  dsn: 'your-dsn',
  beforeSend(event) {
    // Remove sensitive headers
    if (event.request?.headers) {
      delete event.request.headers['x-api-key'];
      delete event.request.headers['authorization'];
      delete event.request.headers['x-auth-token'];
    }
    return event;
  },
});

Excluding Sensitive Cookies

Sentry.init({
  dsn: 'your-dsn',
  beforeSend(event) {
    if (event.request?.cookies) {
      delete event.request.cookies['session_token'];
      delete event.request.cookies['auth_cookie'];
    }
    return event;
  },
});

Filtering Request Body Data

Sentry.init({
  dsn: 'your-dsn',
  beforeSend(event) {
    if (event.request?.data) {
      // Remove sensitive fields
      const data = { ...event.request.data };
      delete data.password;
      delete data.credit_card;
      delete data.ssn;
      event.request.data = data;
    }
    return event;
  },
});

Framework Integration

The integration works automatically with popular frameworks:

Express

import express from 'express';
import * as Sentry from '@sentry/node';

const app = express();

Sentry.init({
  dsn: 'your-dsn',
  integrations: [
    Sentry.requestDataIntegration(),
  ],
});

app.use(Sentry.Handlers.requestHandler());

app.get('/api/users', (req, res) => {
  // Request data automatically captured on errors
  throw new Error('Something went wrong');
});

app.use(Sentry.Handlers.errorHandler());

Fastify

import Fastify from 'fastify';
import * as Sentry from '@sentry/node';

const fastify = Fastify();

Sentry.init({
  dsn: 'your-dsn',
  integrations: [
    Sentry.requestDataIntegration(),
  ],
});

fastify.get('/api/users', async (request, reply) => {
  // Request data automatically captured
  throw new Error('Something went wrong');
});

Next.js

// next.config.js
import { withSentryConfig } from '@sentry/nextjs';

export default withSentryConfig({
  // Next.js config
});

// sentry.server.config.js
import * as Sentry from '@sentry/nextjs';

Sentry.init({
  dsn: 'your-dsn',
  // requestDataIntegration is enabled by default
});

Source Code

The Request Data integration is implemented in: packages/core/src/integrations/requestdata.ts:35

Practical Examples

API Error Context

app.post('/api/orders', async (req, res) => {
  try {
    const order = await createOrder(req.body);
    res.json(order);
  } catch (error) {
    Sentry.captureException(error);
    // Error includes full request context:
    // - POST /api/orders
    // - Request body with order data
    // - Headers, cookies, query params
    res.status(500).json({ error: 'Failed to create order' });
  }
});

GraphQL Queries

import { ApolloServer } from '@apollo/server';

const server = new ApolloServer({
  typeDefs,
  resolvers,
  formatError: (error) => {
    Sentry.captureException(error.originalError || error);
    // Captures GraphQL query in request data
    return error;
  },
});

Debugging Failed Requests

Request data helps identify patterns in failures:

app.use((req, res, next) => {
  // Add custom request metadata
  Sentry.setContext('request_metadata', {
    route: req.route?.path,
    params: req.params,
    authenticated: !!req.user,
  });
  
  next();
});

Best Practices

Always review captured request data for sensitive information before deploying to production.

Enable sendDefaultPii carefully: Only when you need user IP addresses
Filter sensitive data: Use beforeSend to remove passwords, tokens, etc.
Comply with privacy regulations: Ensure request data capture complies with GDPR, CCPA, etc.
Monitor data volume: Large request bodies increase event size

Troubleshooting

Request Data Not Appearing

Ensure the integration is enabled:

Sentry.init({
  dsn: 'your-dsn',
  debug: true, // Enable debug logging
});

Partial Request Data

Check your include configuration:

Sentry.requestDataIntegration({
  include: {
    // Ensure all needed fields are true
  },
});

Event Filters - Filter events by URL or pattern
Context - Add custom context
beforeSend - Modify events before sending

Core Integrations

AI Monitoring

Database & Backend

Installation

What Data Is Captured

Configuration

Default Configuration

Selective Data Capture

Capturing IP Addresses

Configuration Options

Request Data in Events

IP Address Detection

Privacy Considerations

Excluding Sensitive Headers

Excluding Sensitive Cookies

Filtering Request Body Data

Framework Integration

Express

Fastify

Next.js

Source Code

Practical Examples

API Error Context

GraphQL Queries

Debugging Failed Requests

Best Practices

Troubleshooting

Request Data Not Appearing

Partial Request Data

Build docs developers (and LLMs) love

Core Integrations

AI Monitoring

Database & Backend

​Installation

​What Data Is Captured

​Configuration

​Default Configuration

​Selective Data Capture

​Capturing IP Addresses

​Configuration Options

​Request Data in Events

​IP Address Detection

​Privacy Considerations

​Excluding Sensitive Headers

​Excluding Sensitive Cookies

​Filtering Request Body Data

​Framework Integration

​Express

​Fastify

​Next.js

​Source Code

​Practical Examples

​API Error Context

​GraphQL Queries

​Debugging Failed Requests

​Best Practices

​Troubleshooting

​Request Data Not Appearing

​Partial Request Data

​Related

Build docs developers (and LLMs) love

Installation

What Data Is Captured

Configuration

Default Configuration

Selective Data Capture

Capturing IP Addresses

Configuration Options

Request Data in Events

IP Address Detection

Privacy Considerations

Excluding Sensitive Headers

Excluding Sensitive Cookies

Filtering Request Body Data

Framework Integration

Express

Fastify

Next.js

Source Code

Practical Examples

API Error Context

GraphQL Queries

Debugging Failed Requests

Best Practices

Troubleshooting

Request Data Not Appearing

Partial Request Data

Related