New on GitHub, Zato HTTP audit log allows you to store requests and responses, along with their headers in a database that can be queried at any time.

Recognizing that certain parts of messages should never be stored anywhere because of their sensitive nature, one can also specify JSON Pointers or XPath expressions indicating which elements in a message should be masked out - for instance, user passwords and social security numbers don’t necessarily belong in the audit log.

The database can be asked to return only those items that match a given criteria, for instance - a correlation ID or a value of a header.

As always with each feature, audit log comes with both REST and SOAP APIs to facilitate the creation of interesting supplementary tools on top of what is available by default.