=== API Request Monitor: Monitor Incoming & Outgoing API Requests and Manage Webhooks ===
Contributors: huzoorbakhsh
Tags: api, rest-api, debug, logging, monitoring
Requires at least: 6.0
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

A developer-focused tool for monitoring, debugging, testing, and logging WordPress REST API requests and external API integrations.

== Description ==

Kaiizen API Request Monitor is an advanced API monitoring and debugging plugin for WordPress. Track incoming REST API requests, outbound HTTP requests, webhook activity, API performance, authentication failures, and WooCommerce API events in real time.

Whether you're building custom integrations, troubleshooting API errors, testing endpoints, monitoring webhooks, or auditing API security, Kaiizen API Request Monitor provides the tools needed to understand exactly how data moves through your WordPress site.

Perfect for:

WordPress developers
WooCommerce developers
API integrators
Agencies managing client websites
DevOps and support teams
Plugin and theme developers

= Core Features =

* **Request Logger** — Logs all incoming WordPress REST API requests: method, endpoint, headers, body, response code, response time, user, and IP address.
* **Outbound Logger** — Intercepts all outbound HTTP requests made via `wp_remote_*` functions and logs URL, headers, payload, and response.
* **Webhook Logger** — Captures and logs both incoming and outgoing webhooks, including WooCommerce webhooks.
* **API Explorer** — A built-in HTTP client that lets you build and fire REST requests (GET, POST, PUT, PATCH, DELETE) directly from your WordPress admin. Save requests as reusable templates.
* **Performance Analytics** — Dashboard with hourly request volume charts, slowest endpoints, most-used endpoints, requests per minute, and error rate metrics.
* **Security Monitor** — Detects brute-force API authentication failures and fires configurable alerts via Email, Slack, or Discord.
* **Activity Timeline** — WooCommerce integration that tracks order, product, customer, and coupon changes made through the REST API.

= Security & Privacy =

* All logs are stored in your own database — no data is sent to external services unless you configure Slack or Discord webhook alerts.
* Configurable field masking automatically redacts sensitive keys (passwords, tokens, API keys, Authorization headers) from stored logs.
* Log retention is configurable (default: 30 days); old logs are pruned automatically via daily cron.
* Dashboard access is restricted to WordPress administrators (`manage_options` capability).

= External Services =

This plugin can optionally send security alert notifications to third-party webhook services. This only happens when you explicitly configure a webhook URL in Settings and enable alerts.

* **Slack** — Alert payloads (event type and details) are sent to your configured Slack Incoming Webhook URL. Terms: https://slack.com/terms-of-service | Privacy: https://slack.com/privacy-policy
* **Discord** — Alert payloads (event type and details) are sent to your configured Discord Webhook URL. Terms: https://discord.com/terms | Privacy: https://discord.com/privacy

No data is transmitted to external services unless you configure these integrations.

= Source Code =

The plugin includes a compiled JavaScript bundle (`build/index.js`) generated from source files in the `src/` directory using `@wordpress/scripts` (webpack). The full source is included in the plugin package under `src/`. To rebuild: `npm install && npm run build`.

= Requirements =

* WordPress 6.0 or higher
* PHP 7.4 or higher
* WooCommerce (optional) — required only for the Activity Timeline and WooCommerce webhook logging features.

== Installation ==

1. Upload the `kaiizen-api-request-monitor` folder to the `/wp-content/plugins/` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the **Plugins** screen in WordPress.
3. Navigate to **Kaiizen API Request Monitor** in the WordPress admin sidebar.
4. Configure your settings (log retention, masked fields, alert thresholds) under the **Settings** tab.

== Frequently Asked Questions ==

= Will this plugin slow down my site? =

No. Request and outbound logs are written to the database during the PHP shutdown phase (after the response is sent to the browser), so logging adds zero latency to your API responses.

= Can I control what gets logged? =

Yes. You can configure which fields are automatically masked (e.g., passwords, tokens, Authorization headers). Logs for the plugin's own dashboard API calls are excluded from the log to prevent loops.

= How long are logs kept? =

By default, logs older than 30 days are deleted automatically. You can change the retention period (or disable automatic cleanup) from the Settings tab.

= Is WooCommerce required? =

No. WooCommerce support is optional. The plugin detects whether WooCommerce is active and only loads the integration when it is.

= Who can see the logs? =

Only users with the `manage_options` capability (Administrators). All REST API endpoints provided by this plugin require that capability.

= Can I export logs? =

Yes. The Logs tab includes a CSV export button that downloads up to 10,000 of the most recent request logs.

== Screenshots ==

Dashboard overview showing API activity, request statistics, performance metrics, and recent events.
Incoming Request Logs with filtering, searching, request details, and export options.
Outbound Request Logs displaying HTTP requests initiated by WordPress plugins, themes, and integrations.
Webhook Monitor showing incoming and outgoing webhooks, including WooCommerce webhook activity.
API Explorer interface for testing REST API endpoints directly from the WordPress admin panel.
Security Audit screen displaying failed authentication attempts, suspicious activity, and brute-force detection events.
Settings page for configuring log retention, data masking, notifications, and monitoring preferences.

== Changelog ==

= 1.0.0 =

Initial public release.
Added incoming REST API request monitoring and logging.
Added outbound HTTP request monitoring for WordPress integrations.
Added incoming and outgoing webhook tracking.
Added API Explorer for testing REST API endpoints.
Added performance monitoring and request analytics.
Added security auditing with failed authentication tracking.
Added brute-force detection and security alerts.
Added WooCommerce activity monitoring.
Added configurable log retention and automatic cleanup.
Added Email, Slack, and Discord notifications.

== Upgrade Notice ==

= 1.0.0 =
Welcome to Kaiizen API Request Monitor. No upgrade actions are required.