Add response headers and nginx logging to identify requests and registered applications used for a request #3368
Labels
🤖 aspect: dx
Concerns developers' experience with the codebase
🧰 goal: internal improvement
Improvement that benefits maintainers, not users
🟨 priority: medium
Not blocking but should be addressed soon
🧱 stack: api
Related to the Django API
Problem
Right now it's not possible for us to identify applications related to a request. If any particular registered application is causing issues, it is essentially impossible for us to identify that through our existing request logging.
Description
Add the following parameters to Nginx logging (some will require new response headers added to relevant requests):
x-request-id
response header)
The last two will require new headers added so that we can log them in Nginx.
This is not a privacy concern. Our API terms of service already allow for this kind of introspection into registered application usage, and we theoretically have more granular data if we really wanted to fingerprint or identify individual users. To clarify, that is not our intention with this. If we wanted to do that we'd fingerprint off of user agent and source IP. The intention behind this is to help identify potentially nefarious API requesters and to see if any of the identifiable bot traffic we see in traffic patterns is tied to specific registered applications. I'm adding this caveat just to clarify that adding this logging does not make anything less private than it already is.
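The mechanism the description relies on, as an added example that is not part of the original issue or the project's configuration: Nginx exposes any response header passed back from the upstream as `$sent_http_<name>`, so a header the API sets can be written to the access log. The log format name, upstream name and address, log path, and the `x-example-application-id` header are hypothetical placeholders; only `x-request-id` is named in the issue.

```nginx
# Added example. Names marked "hypothetical" are placeholders, not the project's own.
http {
    upstream django_api {            # hypothetical upstream name and address
        server 127.0.0.1:8000;
    }

    # escape=json escapes quotes and control characters in logged values, so a
    # header value cannot break out of its field or forge extra log fields.
    # $sent_http_<name> holds the response header <name> as sent to the client
    # (lowercased, dashes replaced by underscores).
    log_format request_trace escape=json
        '{'
        '"time":"$time_iso8601",'
        '"remote_addr":"$remote_addr",'
        '"request":"$request",'
        '"status":"$status",'
        '"user_agent":"$http_user_agent",'
        '"request_id":"$sent_http_x_request_id",'
        '"application_id":"$sent_http_x_example_application_id"'
        '}';

    server {
        listen 80;
        access_log /var/log/nginx/access.log request_trace;

        location / {
            proxy_pass http://django_api;
        }
    }
}
```

With one JSON object per request, log lines can be grouped by `application_id` and joined to API-side logs through `request_id`.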