You hear about APIs (application program interfaces) everywhere now, and even if you don’t know what one is, you’ve probably heard the term more than once. In this article, we cover a few API basics, and we talk a bit about why you should use API monitoring if you publish or have an API that is critical to your business.
What is an API?
APIs are software programs that enable communication between themselves and other software programs. The software may allow communication between applications on the same device; for example, an app on your phone may use your phone’s camera. Or the communication may occur over a network such as the Internet; for example, the US Postal System publishes an API that verifies and normalizes addresses after the user enters their shipping information on an e-commerce site. Learn more about APIs.
How do APIs work?
On a fundamental level, a web service (an API accessible over the Internet) offers methods, such as updateCart
to add an item to a shopping cart. The method, updateCart
, will include value pairs such as "itemNumber":11515
, "size":"l"
, and "quantity":1
. The server accepts the formatted request and updates the user’s shopping cart. In most cases, the server responds with additional data for the client to process, such as recommended items based on the item they added to their cart or shipping cost estimations.
What do APIs do?
A company may publish APIs for their own use, and they often publish an API for the use of others. Like the postal example earlier, many companies offer services over APIs.
- Social media: Facebook, Twitter, and most other social media sites offer APIs that allow other sites and services to interact with their systems to manage advertising, make posts, and respond to user comments.
- Financial: Besides merchant services, financial institutions offer APIs for their user apps, interest rate tracking, stock prices, and loan applications.
- Entertainment: Besides ticketing and gaming services, many companies offer APIs to access their vast collections of entertainment-based data, such as movies, music, books, and celebrity trivia.
- Business: Many tools used every day in business operate using APIs. For example, customer relationship management applications, project management, and expense reporting.
- Smart devices: The Internet of Things includes all the smart devices in which we’ve surrounded ourselves: Automobiles, appliances, watches, televisions, speakers, even lightbulbs. All these devices use APIs to communicate with servers all over the world.
- Websites: APIs work in the background of most websites, especially SaaS (software as a service) applications. But even the most basic websites probably use one or more APIs to provide location services, advertising, or to pull content from another service.
API dependency
From the abbreviate list of devices and applications that use APIs above, you can see that even if you don’t publish an API for others to consume, your day-to-day functions probably revolve around multiple APIs. A problem with some of those APIs may affect you personally or your business directly. For example, consider the shopping cart API example above. If you’re an e-retailer and your users can’t add items to their cart, you can’t make sales. Being aware of those APIs critical to your business is your first line of defense towards maintaining productivity and protecting your business.
Many things can go wrong with an API, such as connectivity issues, hardware problems, supporting systems fail, or code changes on either the client or the server. APIs typically work in the background taking care of functionality and features not directly visible in the user interface. API issues may not show up until well into a transaction. Rather than waiting until API issues affect your customers, productivity, or revenue, proactively test your critical APIs.
What APIs should I monitor?
You should monitor any API crucial to your business.
APIs you publish: If you provide an API, it is your responsibility to make sure that your APIs work and users (human or machine) always have access.
APIs critical to your website or service: If your website depends on a third-party API to work correctly, you should monitor the API directly. For example, suppose your website uses a third-party API for user authentication, and that API experiences an issue, you’ll want to know about it right away. Monitoring the API directly can lead to faster problem resolution.
APIs critical to your business: If your business uses applications that depend on APIs, and a failure of those APIs could potentially bring your business’s productivity to a halt, you should monitor them. For example, suppose your supply chain management system relies on an API to process inventory movement data and that system was to have problems. In that case, you can quickly lose insight into your supply resulting in poor business decisions.
What can API monitoring tell me?
There is a lot for you to gain from API Monitoring. An API monitor can tell you if
- Your API is available
- Your API results are accurate
- Your API’s performance is on par
By monitoring your APIs, you learn about issues faster (before your users), notify team members about errors faster, and have the reports and tools at your disposal to get to the root cause quickly.
Availability
Effective monitoring always starts with uptime. Make sure you keep API endpoints available. Using a simple Web Service Monitor type, you send a request to the API. You can write your own header and use authentication. Uptrends sends the request from any of your choice of over 220 checkpoints. You can generate alerts on response codes, content checks, response size, and response times. The web service monitors (Webservice HTTP/HTTPS monitor types) check once a minute to capture downtime and track your service level agreements (SLA).
API function
When you need to go in deeper with your monitoring—as we expect you will—you need a tool that can interact with your API exactly as a user would. Uptrends Multi-step API Monitoring is that tool. The tool interacts as a user by
- Handling redirects
- Using client certificates
- Authentication
- Reusing data over multiple API calls
- Generating variable values when needed
- Logging off
Uptrends’ step editor allows you to break your transactions into logical steps.
- Define your request
- Define your method: GET, POST, PUT, PATCH, and DELETE
- Add response header pairs
- Set Authentication: basic, NTLM (Windows), and digest
- Set up client or custom certificates
- Predefine variables. You can use predefined variables anywhere you need them in the request or the response. You can use automatic variables to get date/time stamps, generate GUIDs, random numbers.
- Manage the response
- Using assertions, you check the response for
- Content: response body as JSON, XML, or text
- Status code
- Completion
- Errors
- Duration
- Size
- You use standard comparison operators to check the response.
- Is equal to
- Is not equal to
- Is less than
- Is greater than
- Is less than or equal to
- Is greater than or equal to
- Does/doesn’t contain
- Is not empty
- Ignore
- Using assertions, you check the response for
API Performance
Every API call needs to be instantaneous. A slow response from an API can jeopardize entire applications. Using assertions, you can monitor your API endpoints for their response times. Determine the maximum number of milliseconds a response should take and add an assertion on the response’s duration. If your API slows down, Uptrends issues an alert. You can get ahead of performance-related issues before they affect your API’s users.
Takeaway
- API publishers need to monitor their API endpoints for availability, performance, and function.
- If your business relies on a third-party API, at the very least, you want to watch the availability of those APIs.
- An API should respond quickly to avoid slowing down entire processes.
- API monitoring informs you and your team about issues before they affect your users.
- Logs and reports generated by your API monitoring are crucial for fast problem resolution.
- Multi-Step API monitors test entire API transactions over multiple calls with data reuse.
- Web service monitors are great for testing endpoints for availability.
- Multi-Step API Monitoring lets you track numeric API responses with Custom Metrics.
- Uptrends Vault stores your sensitive certificate and authentication credentials.
Want to learn more about API Monitoring? Schedule a live one-on-one demo.