Imagine you are the CTO of an insurance company, and your clients’ identities are connected with your online business activities through an authentication API. Through this API, you can easily process the creation, modification and deletion of your company’s clients.
If the API plays an important role in customer engagement, you probably want to make sure that you monitor the API in order to identify when it goes down or is underperforming. If you don’t, you fall short on the QA front, and your business could suffer as a result.
In this article, I discuss which types of API monitoring features and strategies you need to achieve effective QA for your APIs, and to protect business value. I’ll be using Runscope’s API monitoring software to illustrate how you can put these goals into action.
Uptime Monitoring and Dashboards
There are a lot of notification tools to tell you when an API is down. Your API monitoring tool should have built-in integrations with the most popular notification services like Slack, PagerDuty, email, etc.
However, these tools are not enough on their own. To avoid false positives, you also need threshold-based downtime alerts. Otherwise you will get a lot of alerts blinding you from the real ones you need to act on.
API monitoring should therefore offer visualizations in a dashboard, so you can see in one view if your API is down or not.
Uptime tools may show that your API is running—but is it also returning the correct data in JSON or XML format? Are the responses, HTTP headers and status codes correct?
This information is vital, because you do not want to give your client insufficient or incorrect data/status codes. (For example, your client logs in with an incorrect password. It is better to communicate to the client that the username/password is not known rather than using a status code like HTTP 403.)
Live Traffic Alerts
Traffic alerts should be triggered by selective criteria and logged in near real-time. This way, you can always study the alerts later, and you have proof that a downtime/failure did or did not occur.
Additionally, you’ll want to connect these traffic alerts to your inbox for escalation, but avoid flooding by only notifying when the first, 10th, 100th, 1,000th and 10,000th matches are detected. (Otherwise your DevOps colleagues will harass you during lunch.)
You want to be able to use API monitoring throughout the whole development lifecycle to notify the correct team when something is wrong with the API. This is especially important when using DTAP streets (Dev, Test, Acceptance and Production) where the different environments have the API implemented and a production team member does not have to know when something is down in Test or Development.
When possible, connect your monitoring API with the continuous integration tool you use (e.g. Jenkins).
Diagnose and Debug
One of the core features that an API monitoring tool should deliver is the previously noted logging of your API calls—Plus, a way to debug should also be included. Ideally, you should have the opportunity to replay the API call and compare it to the original call.
API monitoring is important to ensure that the quality of your API is maintained.
This article discussed the following features NOT to be forgotten in the API monitoring tool you use:
- Uptime monitoring and dashboards
- Data validation
- Live traffic alerts
- Diagnose and debug
Be sure to include these in your quickscan when choosing your API monitoring tool.