Treblle with Strapi

treblle

The official Treblle SDK for JavaScript frameworks including Strapi. Seamlessly integrate Treblle to manage communication with your dashboard, send errors, and secure sensitive data.

To integrate Treblle with Strapi, we provide an official unified SDK for JavaScript frameworks - treblle-node.

Since Strapi runs on Koa under the hood, Treblle integrates as middleware in your Strapi configuration.

Requirements

Node.js: >=18.0.0 LTS
Strapi: 4.x or 5.x

Installation

npm install treblle@^2.0.0

Setting up credentials

Create a free account on treblle.com to get your credentials:

sdkToken (SDK Token)
apiKey (API Key)

Add these to your .env file:

TREBLLE_SDK_TOKEN=your_sdk_token
TREBLLE_API_KEY=your_api_key

Step 1: Create the middleware

Create the middleware in middlewares/treblle/index.js:

const { strapiTreblle } = require("treblle");

module.exports = (strapi) => {
  return {
    initialize() {
      strapi.app.use(
        strapiTreblle({
          sdkToken: process.env.TREBLLE_SDK_TOKEN,
          apiKey: process.env.TREBLLE_API_KEY,
        })
      );
    },
  };
};

Step 2: Enable the middleware

Enable the middleware in config/middleware.js:

module.exports = {
  settings: {
    treblle: {
      enabled: true,
    },
  },
};

And that’s it! Treblle will now monitor your Strapi content API.

Configuration Options

You can pass additional configuration options to the middleware:

strapi.app.use(
  strapiTreblle({
    sdkToken: process.env.TREBLLE_SDK_TOKEN,
    apiKey: process.env.TREBLLE_API_KEY,
    additionalFieldsToMask: ["customSecret", "internalId"], // Optional
    blocklistPaths: ["admin", "webhooks"], // Optional: Skip logging certain paths
    ignoreDefaultBlockedPaths: false, // Optional: Disable default blocked paths
    debug: true, // Optional: Show Treblle errors in console
    ignoreAdminRoutes: ["admin", "content-manager"], // Optional: Ignore admin routes
  })
);

Available options:

sdkToken (required): Your Treblle SDK token
apiKey (required): Your Treblle API key
additionalFieldsToMask (optional): Array of field names to mask in addition to default fields
blocklistPaths (optional): Array of path prefixes or RegExp to exclude from logging
ignoreDefaultBlockedPaths (optional): Boolean to disable default blocked paths (default: false)
debug (optional): Boolean to show Treblle-related errors in console (default: false)
ignoreAdminRoutes (optional): Array of admin route prefixes to ignore (default: ["admin", "content-type-builder", "content-manager"])

Note on ignoreAdminRoutes

The ignoreAdminRoutes option helps avoid logging internal admin panel requests that are typically not part of your public API. By default, it ignores the admin panel and content management routes.

Production-only Setup

Run Treblle only in production by conditionally enabling the middleware:

module.exports = {
  settings: {
    treblle: {
      enabled: process.env.NODE_ENV === "production",
    },
  },
};

Masking Sensitive Data

The following fields are automatically masked:

password, pwd, secret, password_confirmation, passwordConfirmation
cc, card_number, cardNumber, ccv
ssn
credit_score, creditScore

Add custom fields to mask:

strapiTreblle({
  sdkToken: process.env.TREBLLE_SDK_TOKEN,
  apiKey: process.env.TREBLLE_API_KEY,
  additionalFieldsToMask: ["customSecret", "apiToken"],
});

Debugging

Enable debug mode to see Treblle errors in your console:

strapiTreblle({
  sdkToken: process.env.TREBLLE_SDK_TOKEN,
  apiKey: process.env.TREBLLE_API_KEY,
  debug: true,
});