Lesson 4

Debugging URLs in Logs and APIs

Use parsed components to debug redirects, signatures, cache keys, and tracking links.

When a URL bug appears in production, the full string is often noisy. Parse it first, then compare components.

Redirect bugs

For redirects, check:

  • Scheme and host
  • Path with or without trailing slash
  • Query values that contain encoded URLs
  • Fragment values that never reach the server

OAuth redirect bugs often hide inside nested URLs:

redirect_uri=https%3A%2F%2Fapp.example.com%2Fcallback%3Fnext%3D%252Fbilling

Decode one layer at a time. Decoding everything at once can hide which layer owns which delimiter.

Signature bugs

For signed URLs, compare:

  • Parameter order
  • Percent-encoding
  • Included and excluded fields
  • Timestamp and expiry values
  • Host and path casing rules

The signer and verifier must canonicalize the URL in the same way.

Cache bugs

Caches may treat these URLs as different:

?a=1&b=2
?b=2&a=1

Or they may normalize them to the same cache key. Know which rule your CDN, proxy, or application layer uses.

A practical workflow

  1. Save the original URL exactly as observed.
  2. Parse it into components.
  3. Decode values only at the layer you are inspecting.
  4. Compare expected and actual components.
  5. Rebuild the URL using explicit rules.

The goal is not to make the URL pretty. The goal is to preserve the meaning the receiving system expects.

When you want to practice, use the related DevCove tool — optional, not part of this lesson.

Open related tool

Back to course overview