Comment 0 for bug 624854

We would want to know which api user is making which api calls and when. Apache logs aren't enough for this because they don't track the authorization headers provided in the requests, so we'd need to use a custom application log for this. Ideally we'd log:
 - If it was an anonymous api call, or the api basic / oauth user that was authorized
 - The called method (full url and ws.op GET argument provide this)
 - Time at which the call was made

It might make sense to also log the arguments provided to named methods, as long as we don't log sensitive data (let's not log passwords or token secrets for example).