User Attribution is the process of identifying a user ID, role, and other custom attributes. Once Traceable identifies these attributes, it is easier to associate them with the user action. This feature is also required to attribute the user requests across multiple user sessions.
What will you learn in this topic?
By the end of this topic, you will be able to:
Understand why IP-based tracking is not enough for identifying API users and when you should apply user attribution for authenticated traffic.
Identify and choose the right attribution scheme (Basic, Token-based, or Custom) based on your authentication model.
Configure user attribution rules to extract user IDs, roles, scopes, auth types, and other custom attributes.
Validate your configuration using preview (matching spans or .har uploads) before enforcing it.
Understand how rule ordering, prioritization, and evaluation impact accurate and reliable identity resolution.
Understand user attribution
The table below explains why you should use user attribution, when it is most relevant, and how to configure it to identify and analyze API users accurately.
| Why use it? | When to use? | How can you leverage it? |
|---|---|---|
| You move beyond unreliable signals like IP addresses, which can be shared or spoofed, and directly link API activity to authenticated user identities. This gives you accurate, user-level visibility and consistent identity correlation across sessions, devices, and environments. | You use this when authenticated users access your APIs, and IP-based visibility is insufficient, especially when you need user-level monitoring, behavioral analytics, or audit-ready traceability across different environments and authentication schemes. | You configure attribution rules using Basic, Token-based, or Custom authentication to extract user ID, role, scope, auth type, and custom attributes. You validate configurations using preview, apply conditions and transformations, and prioritize rule ordering to ensure accurate, reliable, and context-rich user attribution. |
Types of user attribution schemes
You can configure user attribution using either of the following authentication schemes:
| Authentication Scheme | Description |
|---|---|
| Basic | Configuration for detecting the user ID from the basic authentication schema using the request header. |
| Token-based | Configuration for detecting the user ID, role, scope, auth type, and custom attributes from the JWT authentication schema using either the header, cookie, or the location from which you wish to extract the token, according to your requirements. |
| Custom | Configuration for detecting user ID, role, scope, auth type, and custom attributes from a custom authentication schema using headers, tokens, or the location from which you wish to extract the token, according to your requirements. |
Preview user attribution configuration
While configuring user attribution, you can also see a preview of the rule based on the attributes you selected. Using this preview, you can verify that the transformations work as expected and the attributes are being extracted according to your requirements. The preview can be generated in either of the following ways:
Matching Spans (default) — Traceable automatically checks for any available spans according to the attributes and configurations you specify. If the spans are available, Traceable extracts the attribute values and displays the final result. At this time, you can also view the values extracted at each step of the configuration.
Note
This method is available only when spans are non-obfuscated and non-redacted.
File Upload — If the spans are unavailable due to obfuscated or redacted data, Traceable allows you to upload a .har file and generate a preview. Traceable extracts the attribute values from the file and displays the result. Similar to the matching spans method, you can view the values extracted at each step of the configuration. For more information on configuring user attribution and generating previews, see the section below.
Note
Custom user attribution schemes that use Custom JSON do not support Preview.
Configure user attribution
To configure user attribution, navigate to Settings → User Attribution → User Attribution tab, click + Add User Attribution, and based on the authentication scheme you select, you can navigate to the following sections:
User Attribution view
Once you have configured the rules, Traceable displays them on the User Attribution page.
User Attribution Actions
The following details are displayed for each rule:
| Rule Information | Description |
|---|---|
| Name | The name you specified while creating the rule. |
| Scope | The scope you defined in the rule. This can have either of the following values: |
| Authentication Scheme | The authentication type (Basic, Token-based, or Custom) you selected before creating the rule. |
You can also enable or disable the rules using the toggle next to each rule. Traceable also allows you to reorder the rules by dragging them. Based on the rule order, Traceable executes them from top to bottom. For more information on how rule ordering plays an essential role in their execution, see Rule Processing.
Apart from the above, Traceable enables you to perform the following actions on a rule:
| Actions | Description |
|---|---|
| Edit | To update a rule, do either of the following: |
| Delete | To delete a rule, click the Ellipse ( |
Rule processing
Traceable processes user attribution rules by breaking them down into individual components based on the attributes. This means that a rule appears as a single entity on the User Attribution page; however, Traceable deconstructs it into separate rules based on each attribute type (User ID, User Role, User Scope, Auth Type, and Custom) before evaluating them internally. Traceable evaluates these rules in the order they appear in the user interface, meaning the topmost rule is evaluated first, followed by the ones below. Traceable follows an all-match and first-match approach for processing rules according to the attribute type:
| Attribute Type | Processing Details |
|---|---|
| User ID/User Role/User Scope/Custom | All rules for the relevant attribute are sent to the backend and evaluated on a first-match basis, in the order they appear. Traceable evaluates each rule in the sequence, as mentioned above, and stops at the first matching rule, disregarding any subsequent rules for that attribute. This makes rule ordering important, as the highest one in the sequence takes effect. |
| Auth Type | All rules for this attribute are sent to the backend and executed on an all-match basis, in the order they appear. Instead of stopping at the first match, Traceable collects all relevant matches into an array and shows them on the platform. |
This sequential rule-based processing ensures accurate and flexible user attribution, especially for complex configurations. You can customize the priority and application of each rule by arranging them on the User Attribution page according to your business requirements.
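The first-match and all-match behaviour from the table above, as an added Python example; it is not Traceable's code or configuration format. The rule layout, claim names, sample token, and the choice to treat a rule as matching when the request carries a Bearer JWT containing the named claim are all assumptions made for illustration.

```python
import base64
import json

def jwt_payload(headers):
    """Payload of a Bearer JWT (header keys assumed lowercased); signature not verified."""
    scheme, _, token = headers.get("authorization", "").partition(" ")
    parts = token.split(".")
    if scheme.lower() != "bearer" or len(parts) != 3:
        return None
    try:
        seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
        payload = json.loads(base64.urlsafe_b64decode(seg))
    except ValueError:
        return None
    return payload if isinstance(payload, dict) else None

def attribute(rules, headers):
    """Evaluate UI-ordered rules top to bottom, one sub-rule per attribute type."""
    payload = jwt_payload(headers)
    result = {"auth_type": []}
    if payload is None:
        return result
    for rule in rules:
        if not rule.get("enabled", True):
            continue
        for attr, claim in rule["claims"].items():
            # First-match attributes: an earlier rule's value is never overwritten.
            if attr not in result and claim in payload:
                result[attr] = payload[claim]
        if "auth_type" in rule:
            # All-match attribute: every matching rule contributes to the array.
            result["auth_type"].append(rule["auth_type"])
    return result

def sample_request(payload):
    """Constructed request carrying an unsigned sample JWT with a placeholder signature."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return {"authorization": f"Bearer {enc({'alg': 'HS256'})}.{enc(payload)}.sig"}

RULES = [  # hypothetical rules, listed in UI order
    {"name": "jwt-email", "claims": {"user_id": "email"}, "auth_type": "jwt"},
    {"name": "jwt-sub", "claims": {"user_id": "sub", "user_role": "role"}, "auth_type": "bearer"},
]
REQ = sample_request({"sub": "u-1001", "email": "alice@example.test", "role": "admin"})
```

With `RULES` as listed, `attribute(RULES, REQ)` takes the user ID from the first rule and the role from the second, because each attribute type is resolved independently; swapping the two rules changes the user ID to the `sub` value and reverses the auth type array.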