Question
There is some action (e.g. an order was placed) which was done unexpectedly, the event log show that an action initiator is the user -1, which is system. Checking the logs shows that an action was initiated with API. Any way to identify an API initiator? How to check from what IP address order was placed?
Answer
Currently it is not possible to see the API call initiator IP address. There is feature request #PBA-47731 ("Log the IP Address of External Systems when performing API Calls into appropriate logs") to implement such possibility.
In xmlrpcd logs it is possible to see how the order was created.
IPAddressID parameter in "Pay Tool Data" section of the PlaceOrderAndAuthorize_API call contains the customers current IP address.
For example:
[14-01-25 20:18:17.708 XRExecutor TH06668 TRC] +++[0] virtual void Execute::execute(XmlRpc::XmlRpcValue&, XmlRpc::XmlRpcValue&)({[Container:BM_Container,Lang:en,Method:PlaceOrderAndAuthorize_API
,Object:BM_Object,Params:{****,IPAddressID=192.168.34.223}]})
=========================
In case this field contains 127.0.0.1 it might mean whether API call was placed using curl client from BA management node, or some API proxy application is running between Online Store host and BA management host.
In second case real IP address can be found on the Online Store host in the store log and apache log:
=======/usr/local/bm/templatestore/logs/store.log=======
[14-01-25 20:18:17.332 TEMPLATESTORE 0000036 NTE] ####### start trace #########################
[14-01-25 20:18:17.343 TEMPLATESTORE 0000036 NTE] started at 14-01-25 20:18:17.343
[14-01-25 20:18:17.343 BMAPI 0000036 NTE] PHPSESSID: nj8jcgjpnc242gi16ep8rnm513
[14-01-25 20:18:17.344 BMAPI 0000036 NTE] USERID: NOBODY
[14-01-25 20:18:17.344 TEMPLATESTORE 0000036 NTE] SCRIPT_DIR:
[14-01-25 20:18:17.345 TEMPLATESTORE 0000036 NTE] Locale::Locale en
[14-01-25 20:18:17.345 TEMPLATESTORE 0000036 NTE] Locale::GetDictionary locale=en
[14-01-25 20:18:17.345 TEMPLATESTORE 0000036 NTE] Locale::ParseDictionary ../cache/1/lang/en.inc
[14-01-25 20:18:17.346 TEMPLATESTORE 0000036 NTE] Request from 192.168.34.223 for StoreID #1, VendorID #1, __http_index_php=
=============
======/var/log/httpd/access.log:=====
192.168.34.223 - - [25/Jan/2014:20:17:06 -0500] "GET /index.php?info=statebook&CountryID=ru HTTP/1.1" 200 5396 "http://10.39.87.43/index.php?NAME_PATH=HOSTING_PATH&SCREEN=CHECKOUT_SCREEN" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0"
===================
APIs can be called:
- from on-line store
- from POA
- from external system.
The logs of all three sources are to be checked for API call source identification.