Formalint

API Debugging Guide

Written by Ensar Karayel. Last updated May 22, 2026.

API debugging becomes expensive when every investigation starts from memory. A repeatable checklist keeps the session grounded: what request failed, what evidence exists, which contract was expected and which layer should be inspected next.

Start With Identity

Record the environment, route, method, status code, request ID and timestamp before changing code. These details let backend logs, gateway logs and monitoring dashboards point to the same event. Without them, developers often compare different failures as if they were one issue.

POST /api/customers
status: 422
request-id: sample-req-7f2a
environment: staging
timestamp: 2026-05-22T10:15:00+03:00

Separate Authentication From Payload Problems

A 401 or 403 usually starts with token validity, scopes, roles, tenant boundaries and clock skew. A 400 or 422 usually starts with payload shape, required fields, nullability, enum values and server-side validation. Keeping those paths separate prevents wasted debugging time.

Use Schema Thinking

Even if a team does not maintain a formal contract, a schema draft makes the conversation concrete. It shows the expected fields, types and array item shape. That makes it easier to spot a string sent where a number is expected, or an optional field that became required accidentally.

Logs Are Evidence, Not The Story

Logs should be tied to the request ID and timeline. A stack trace is useful, but it still needs context: request payload, authenticated subject, feature flag state, upstream response and retry behavior. Write down observations before naming the root cause.

Write A Reusable Report

A good API debugging report contains the smallest reproducible example, expected behavior, observed behavior, evidence, suspected layer and verification step. This helps the next person reproduce the issue without rereading the entire chat or ticket history.

Do not paste live tokens, private customer data or production secrets into debugging notes. Keep structure and replace sensitive values.

Use Formalint

Use the Formalint API Debugging Checklist to track an investigation and export a Markdown report. Use the HTTP Status Codes Reference when a response code needs a concrete next debugging step, and use the HTTP Headers Reference when auth, CORS, cache or browser security behavior is part of the failure. Related tools include the JSON Schema Generator, JSON Formatter, JWT Decoder and Timestamp Converter.