API monitoring is the process of collecting and analyzing data about the correctness and performance of application programming interfaces (APIs).
A robust API monitoring tool will allow you to monitor all aspects of availability and performance of the APIs that you use so that you can quickly and efficiently identify and solve problems that impact your business’s performance and bottom line.
Before selecting an API monitoring solution, it's important to first understand what an API is, how API testing works, and how to get the most out of any API monitoring tool.
What Is An Application Programming Interface (API)?
An application programming interface (API) provides a way for one computer system (or subsystem) to communicate with another.
APIs enable programmers to create complex systems by creating custom business logic for a specific use case and exposing it for others to use - including managing shipping and logistics, securely handling payment processing, and running customer service functions.
There are three basic types of APIs.
- Public API: Public APIs are accessible to anyone who wants to use them.
- Private API: Private APIs are internal to an organization and can be used to build and connect internal systems and applications.
- Partner API: Partner APIs are semi-private APIs that allow you to connect with strategic partners and services that grant your business access to their API.
To ensure that your users and customers get the best experience, you want to be able to understand how all three types of APIs are performing over time.
Why Is API Monitoring Important?
Because APIs are critical for running applications and key processes in modern business, it's essential to have a robust and reliable API monitoring tool that allows you to quickly understand the availability and performance of APIs.
For example, let’s say that you are using a payment processing API to allow customers to purchase your product and modify their existing plans. If that payment processing API has any problems, like going down for some period of time, it’s critical that you know right away so that you can work on a solution and avoid losing potential customers or the trust of existing users.
The more APIs that you use to run your business, especially when they are used for important parts of the customer journey, the more important it is to have API monitors running in the background to ensure the APIs are performing as you expect.
Thankfully, there are many services that can help you do this. With API monitoring tools like Cronitor, for example, you can get real-time insights about the performance of the third-party APIs and internal APIs underpinning your business. You can also set up custom alerts and notifications so that you team can know and act on problems in short order.
How API Monitoring Works
API monitoring is a systematic process of assessing the availability and performance of APIs, and it is an indispensable part of ensuring that you have a comprehensive website monitoring and performance monitoring strategy.
An API exposes the functionalities of a system through its endpoints, and the functionalities and performance of the API are also measured through those endpoints. To implement API monitoring, a remote server sends a request to the API endpoints and receives a response from your API server. These API calls are then used to track and monitor metrics like response time, payload size, throughput, uptime, downtime, lag in the network, and other metrics.
Primary Ways to Assess API Performance
There are two common ways of monitoring and assessing API performance.
Synthetic monitoring: Synthetic monitoring is a form of monitoring that involves making API requests that simulate user behavior under certain test conditions, including various locations, networks, device types, and more.
You can implement synthetic API monitoring by automating the testing of your APIs using tools that can send requests from multiple locations, device types, and networks from around the world and track performance. This is a controlled form of API testing, and it gives you full control of the initial testing conditions as well as the volume of data you collect around your API's performance.
Real user monitoring (RUM): RUM involves tracking real users as they engage with your website. It is implemented by installing simple scripts that record information about what users are doing and the performance of your website. Using RUM, you can track requests and responses related to your APIs as they are generated by real user activities.
An important difference between RUM and synthetic monitoring is that you lose control over the testing location, networks, device types, and other conditions. The benefit, however, is that you get access to real user data, which can be helpful in resolving issues that synthetic testing may miss.
While synthetic monitoring is the primary form of testing used in a good API monitoring tool, RUM can help surface the downstream effects of issues with APIs. For example, you may notice that there are slower overall page load times for specific users, and the cause of this slowdown may be related to APIs that are not performing as expected.
Using a combination of synthetic monitoring and real user monitoring, you can identify API errors, track the uptime and downtime of APIs, and assess API security.
API Metrics to Monitor
Like all other forms of monitoring, API monitoring has a set of recommended metrics that you should prioritize when getting started to maximum benefits right out of the box. Here are some of those:
Response time is the total time between when a request is made by the client and when the response is sent back to the client. This time includes the time required to process the request in the server and deliver an output to the user or client.
Another way to look at response time is through transport latency and processing time. Transport latency is the time it takes for a request or response to be sent to or from the processing component (server/client). The processing time is then the time it takes for the system to process the request. Hence, response time = transport latency + processing time.
You can use API clients such as Postman to measure the response time manually, or you can use automatic tools like Cronitor.
Response Status Code
For every response that is returned to the client, there is always an HTTP status code that indicates the result of the operation. This can be a successful response (2XX), responses that indicate bad requests from the client (4XX), or those that indicate the server might be the cause of the error (5XX).
Thus, these codes are recorded for every request, and the request can be repeated over time to measure the performance of the API, or a user journey might be simulated. These metrics give you insights into the errors per minute, success per minute, server failures, etc.
Assertions Based on Response Data
An assertion is simply comparing the response received with the response expected. This process helps to set up checks that are specific to the response of each API and may help in catching cases where the right status code was sent but the body did not contain the right content.
For example, here is a setup on Cronitor for verifying if the word "fact" is present in the content when a request is made to the dog-facts API.
Requests per Minute
Requests per minute record all the requests that are sent from the client to the server within the time frame. Other related metrics include the requests per second and queries per second.
Based on these metrics, you can understand how consumers are using the API and make decisions like scaling up your services or throttling your services.
API Monitoring Best Practices
It’s helpful to remember a few best practices that allow you to get the most out an API monitoring solution.
Prioritize Important Endpoints
Of course, every API endpoint is important for you and your business as there is a reason it exists. However, some of these endpoints carry more weight than others. A good way to identify important endpoints is to check if they are part of a critical user journey, such as making a payment or filing a complaint.
For example, an endpoint to retrieve details about a product will be more important for an e-commerce app than endpoints that return comments about that product. Both are essential, but one is more important than the other. Thus, it is very important to identify endpoints like this and set up monitoring for these first. You can prioritize important APIs when setting up alerts.
For all the metrics that you monitor, it is important to tie them to measurable targets. For instance, you can set up alerts when critical APIs are down for longer than a critical time threshold. These alerts, which are tied to the target that matter for your business, will help you identify and resolve the problems that impact your bottom line the most.
Monitor SSL Certificate and Expiration
Security on the internet is more vital than ever. Thus, whichever API monitoring tool you choose should be able to verify the SSL certificates of the endpoints that are being monitored.
Secured websites provide businesses with more confidence that they will deter attackers. Setting up checks that tell you when your website's certificates are expired is a good first step to keeping your security up-to-date.
Monitor Unauthorized Access or Protected Pages
It is not enough to test if access to a page is possible; you should also set up checks to know if authorized pages can be accessed by unauthorized users. This might indicate a breach in your security and lead you toward a timely fix.
Do Not Forget Alerts
Setting up alerts and notification systems when creating checks or monitors is a very important task because without them, you will never be able to respond to incidents in time. This is why you should choose a monitoring tool that can send customized alerts about issues via the communication medium of your choice.
Set Up Status Pages
While knowing when something's wrong with your web app or APIs is crucial, it is also helpful to provide your users with a way of checking the status of your services by themselves. Status pages are used for this purpose, and with a tool like Cronitor, you can create a status page for your API very easily. Status pages promote transparency with your users and help develop trust.
Choosing an API Monitoring Tool
A good API monitoring strategy starts with a reliable API monitoring tool. If you are new to API monitoring, you might want to start with an API monitoring tool that does the grunt work for you, leaving you with plenty of time to focus on growing your business.
Things to Consider When Choosing an API Monitoring Tool
- Usability: You want an API monitoring tool that is easy to use. If the tool is intuitive, then you will be able to customize it for your specific needs and readily have digestible data about the performance of APIs you’re monitoring.
- Test locations: A good API monitoring solution will allow you to test APIs from the places where you customers interact with your application. This gives you a better picture of what is going on on your customer's end.
- Customization and flexibility: You’ll want to be able to seamlessly configure the API monitoring tool to fit your current and future API monitoring needs. It’s particularly helpful if a tool allows you to reuse scripts that your API developers and testers already use.
- Accurate data: Data is only useful if it is accurate and verifiable. That means you want a tool that provides you with accurate data and the ability to inspect and verify the content of the data you receive.
- Synthetic and RUM testing: While synthetic monitoring is the primary form of assessing API performance, having a tool that gives you real user monitoring data can help you understand the full picture of the user experience.
- SSL certificates: SSL verification checks are another feature you should look out for in the tool you select. For example, can the tool check for certificate validity and DNS information, and alert you to upcoming expirations?
- Alerts and notifications: The tool should allow you to set up custom alerts and notifications when something important happens, like when an API is down for a certain time or when response time spikes over several requests. Support for setting up alerts in your core communication channels (Slack, email, SMS) is also helpful for making sure your team is notified in a timely manner.
- Cost: Because API monitoring is important, it’s worth paying a little extra to find a tool that provides you with the customization, data, communication, accuracy, and alerts that will help your team identify and solve any errors quickly.
Cronitor: A Reliable API Monitoring Solution
While there are many API monitoring tools on the market, Cronitor is designed to provide an intuitive and comprehensive suite of tools for your API monitoring needs.
Through a combination of automated synthetic testing and real user monitoring, Cronitor can help you get high-fidelity data about API performance, including uptime monitoring, incident notifications, and regular reporting in an intuitive dashboard.
You can also set up alerts and notifications based on the metrics and performance areas that matter most to your business. These alerts can be sent via the communication channels that your team already uses, so that you can integrate the tool into your team’s existing workflow.