Description
Kaiizen API Request Monitor is an advanced API monitoring and debugging plugin for WordPress. Track incoming REST API requests, outbound HTTP requests, webhook activity, API performance, authentication failures, and WooCommerce API events in real time.
Whether you’re building custom integrations, troubleshooting API errors, testing endpoints, monitoring webhooks, or auditing API security, Kaiizen API Request Monitor provides the tools needed to understand exactly how data moves through your WordPress site.
Perfect for:
WordPress developers
WooCommerce developers
API integrators
Agencies managing client websites
DevOps and support teams
Plugin and theme developers
Core Features
- Request Logger — Logs all incoming WordPress REST API requests: method, endpoint, headers, body, response code, response time, user, and IP address.
- Outbound Logger — Intercepts all outbound HTTP requests made via
wp_remote_*functions and logs URL, headers, payload, and response. - Webhook Logger — Captures and logs both incoming and outgoing webhooks, including WooCommerce webhooks.
- API Explorer — A built-in HTTP client that lets you build and fire REST requests (GET, POST, PUT, PATCH, DELETE) directly from your WordPress admin. Save requests as reusable templates.
- Performance Analytics — Dashboard with hourly request volume charts, slowest endpoints, most-used endpoints, requests per minute, and error rate metrics.
- Security Monitor — Detects brute-force API authentication failures and fires configurable alerts via Email, Slack, or Discord.
- Activity Timeline — WooCommerce integration that tracks order, product, customer, and coupon changes made through the REST API.
Security & Privacy
- All logs are stored in your own database — no data is sent to external services unless you configure Slack or Discord webhook alerts.
- Configurable field masking automatically redacts sensitive keys (passwords, tokens, API keys, Authorization headers) from stored logs.
- Log retention is configurable (default: 30 days); old logs are pruned automatically via daily cron.
- Dashboard access is restricted to WordPress administrators (
manage_optionscapability).
External Services
This plugin can optionally send security alert notifications to third-party webhook services. This only happens when you explicitly configure a webhook URL in Settings and enable alerts.
- Slack — Alert payloads (event type and details) are sent to your configured Slack Incoming Webhook URL. Terms: https://slack.com/terms-of-service | Privacy: https://slack.com/privacy-policy
- Discord — Alert payloads (event type and details) are sent to your configured Discord Webhook URL. Terms: https://discord.com/terms | Privacy: https://discord.com/privacy
No data is transmitted to external services unless you configure these integrations.
Source Code
The plugin includes a compiled JavaScript bundle (build/index.js) generated from source files in the src/ directory using @wordpress/scripts (webpack). The full source is included in the plugin package under src/. To rebuild: npm install && npm run build.
Requirements
- WordPress 6.0 or higher
- PHP 7.4 or higher
- WooCommerce (optional) — required only for the Activity Timeline and WooCommerce webhook logging features.
Screenshots
Installation
- Upload the
kaiizen-api-request-monitorfolder to the/wp-content/plugins/directory, or install the plugin through the WordPress plugins screen directly. - Activate the plugin through the Plugins screen in WordPress.
- Navigate to Kaiizen API Request Monitor in the WordPress admin sidebar.
- Configure your settings (log retention, masked fields, alert thresholds) under the Settings tab.
FAQ
-
Will this plugin slow down my site?
-
No. Request and outbound logs are written to the database during the PHP shutdown phase (after the response is sent to the browser), so logging adds zero latency to your API responses.
-
Can I control what gets logged?
-
Yes. You can configure which fields are automatically masked (e.g., passwords, tokens, Authorization headers). Logs for the plugin’s own dashboard API calls are excluded from the log to prevent loops.
-
How long are logs kept?
-
By default, logs older than 30 days are deleted automatically. You can change the retention period (or disable automatic cleanup) from the Settings tab.
-
Is WooCommerce required?
-
No. WooCommerce support is optional. The plugin detects whether WooCommerce is active and only loads the integration when it is.
-
Who can see the logs?
-
Only users with the
manage_optionscapability (Administrators). All REST API endpoints provided by this plugin require that capability. -
Can I export logs?
-
Yes. The Logs tab includes a CSV export button that downloads up to 10,000 of the most recent request logs.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“API Request Monitor: Monitor Incoming & Outgoing API Requests and Manage Webhooks” is open source software. The following people have contributed to this plugin.
Contributors
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.0.0
Initial public release.
Added incoming REST API request monitoring and logging.
Added outbound HTTP request monitoring for WordPress integrations.
Added incoming and outgoing webhook tracking.
Added API Explorer for testing REST API endpoints.
Added performance monitoring and request analytics.
Added security auditing with failed authentication tracking.
Added brute-force detection and security alerts.
Added WooCommerce activity monitoring.
Added configurable log retention and automatic cleanup.
Added Email, Slack, and Discord notifications.