APIs have become the de-facto standard in building and running modern applications.
They are an integral part of the automation workflow of any business and as more users rely on your APIs to power their applications, the need for them to be reliable is important. Any degradation in their health, availability, and performance will impact your business, so ensuring its reliability depends on proactively monitoring your APIs.
In this guide, we’ll explore different best practices on how to do API monitoring properly, what metrics your team should be monitoring, and the importance it can make in your business.
What Is API Monitoring?
Nowadays it is common to use out-of-the-box solutions for common functionalities like Payment, ChatBots, User tracking, etc, But this comes at a disadvantage.
Using someone else’s code and infrastructure will take control out of your hand and let you and your users rely on their capabilities. As you can imagine this sparks a need to ensure they provide a fast and reliable service that would at least match yours in terms of performance.
To make sure all your APIs are up and running at all times you’ll want to setup API monitoring and here’s where Sematext shines. It allows you to keep a close eye on every API integration you have.
API monitoring is exactly that, a way to ensure all your third parties are working as expected and deliver the same quality across all services.
What Is an API?
An Application Programming Interface (API) enables two systems to communicate with each other. It’s like a policy that states how information can be transferred between the two. APIs make things easier for you by extending the functionalities and capabilities of tools that you’re already using without investing too much in integrations.
There are different types of APIs you could use to leverage all their potential and help your business processes:
- User-facing API – The documented and versioned APIs exposed by your application for your users to integrate your application into their workflow.
- Internal API – The APIs used by your web application frontend or other services in your system.
- Third-party API – These are the APIs that your system depends on. The web application frontend or backend system will depend on these APIs.
- Webpage URL – Although this does not fall into the category of APIs, we can use most of the API monitoring tools to monitor the webpage URLs.
Why Monitor APIs?
Many applications depend on APIs to carry on business transactions, which makes them critical for operations. Without knowing if your APIs are available or how are they behaving, you risk creating bottlenecks that affect application performance and end user experience. We looked closely and came up with this list of benefits you get by monitoring APIs.
The main benefit of API monitoring is you get to know when your API is down or if there is performance degradation before your customers inform you. With the right set of information, you can investigate and fix the issues faster. If you have API monitoring as part of the CI/CD pipeline, then you can catch issues before it goes to production.
Measure the impact of performance improvements
You cannot improve something that you cannot measure. API monitoring helps you verify the impact of performance improvements done in the application. With historical data of response timings, we could compare the performance before and after the changes.
In DevOps culture settings Service Level Objectives (SLO) for the services is important. API monitoring helps you make sure you meet the SLOs and track the Service Level Indicators (SLI) for the service like latency and errors.
Third-party SLA monitoring
If your application depends on third-party APIs and you could monitor those APIs and make sure they are adhering to specified Service Level Agreements (SLA).
Read our guide about monitoring and alerting to learn more reasons why you need to monitor your apps in the first place, whether it’s your APIs or other components.
How Do API Monitors Work
API monitoring works by periodically invoking the API from multiple locations around the globe and recording various performance timings and response details. The process of API monitoring consists of the following steps:
- Configure – Configure the various parameters for the API like URL, HTTP method, request details, expected values, and locations to run the API checks.
- Run – The API is periodically invoked from the specified location with configured parameters. Then the system records the results of the API invocation like response timings, HTTP status, and response details.
- Alert – Checks the actual values against the expected values in the configuration. If they do not match then mark the run as failed and send the alerts.
- Report – We generate reports on availability, response time over a period for historical analysis.
What Metrics Should You Monitor?
As part of API monitoring, any good dashboard should include checkups for availability (connectivity), correctness, and performance. These are the most important metrics you should monitor. Here’s why:
- Connectivity – Verify if we can successfully send a request to the API endpoint and get a response with expected HTTP status code. This will confirm if the API endpoint is up and running.
- Correctness – Validate if the response data of the API is as expected. This could be a simple check to see if the response contains a specific string or extract a specific field from JSON response and verifying its value.
- Performance – Make sure the response time of the API is within acceptable limits. If we have thresholds for specific timings like DNS, TTFB, etc, we could check if these are below the expected threshold.
The Best API Monitoring Tools of 2020: Free & Paid Solutions
Now that you know what API metrics to keep an eye on, let’s see what tools can you use to collect and expose them. Here are the best free and commercial API monitoring tools available today:
Sematext Synthetic Monitoring [SaaS]
Sematext’s Synthetic Monitoring solution is the direct response to our customers’ need to better the experience of their users by simulating interactions with the website or application. Using synthetic monitoring, Sematext can identify business-critical web performance metrics, send alerts in case of a failure, and monitor the availability of your APIs.
Besides the simple Browser monitor that is often found as a monitoring solution to most vendors in this space, Sematext offers a comprehensive HTTP monitor that allows you to collect web performance metrics based on scripted user interactions with the website. This means that you can test beyond the page load times but go deeper and look at detailed interactions with the website like login and registration, add to cart and run search queries on the site.
The API Monitoring advanced notification system that can be customized to work on a number of different conditions based on errors and metrics. This will allow you to have more granular control over the alerts you get by having them do double or triple checks before sending an alert, basically eliminating false positives (alerts that get fired even though the website works just fine) in the process. As an added bonus you can schedule your alerts to only be sent at given hours throughout the day.
When looking at the pricing plans you’ll get the usual Standard and Pro packages that cost $29 and $99 a month but you also get the option of choosing a Pay-as-you-Go package where you pay a flat fee for each monitor and start at just $2 a month.
Learn more about how Sematext Synthetics works and what it can do for you.
Uptrends’ API monitoring product use an advanced multi-step solution to check APIs for performance, function and uptime and rely on a solid alerting system that will trigger a message every time something breaks.
Uptrends can monitor your API from 209 locations scattered across the world and can test your app behind your Firewall using Private checkpoints. These private checkpoints can be either virtual machines or physical servers you have on-premise and are used to monitor your intranet, web applications and APIs using Uptrends checkpoint software.
Their Multi-step monitoring platform lets you set up powerful testing scenarios with virtually no need for programming skills. It’s easy to configure, you get instant alerting and custom metrics.
While they have a total of 5 different pricing plans, they only offer API monitoring with their advanced website monitoring plans that start at $35 for Business and $65 for Enterprise.
Prometheus [Open Source]
Amongst the most recognized monitoring solution for cloud applications, Prometheus is ideally suited to mission critical applications as a result of it’s inherited simplicity.
With extensive documentation, Prometheus provides detailed instruction on how the tool works, how to set it up and how to use it to get the most out of it. It’s worth noting that the official Prometheus website has a blog dedicated to exploring use cases, tips, tricks, and features writers all over the world using Prometheus in their day to day operations.
Because of the way it works, Prometheus lacks in the data analysis department as out of the box you can only rely on an append-only file per metric and data is stored on the local disk. If you do end up using Prometheus I highly recommend you look into a remote storage option for long-term retention and analysis.
Graphite [Open Source]
Graphite is a push-based system that receives data from applications by having the application push the data into Graphite’s Carbon component which is later stored in a database.
One thing that sets Graphite apart from the rest of the open source is the ease of which it gets installed and how users can just pick it up and start using it thanks to Synthesize, an automated installation and configuration script for the Graphite stack.
An interesting feature of Graphite is the ability to store arbitrary events that should be related to time-series metrics. In particular, application or infrastructure deployments can be added and tracked within Graphite. This allows developers to find the issue faster by having more context about the event and the anomaly that led to the unexpected behaviour.
Loggly is built on top of SolarWinds cloud network to monitor your performance across the entire stack. It features a simple and intuitive dashboard that allows you to quickly identify problems and provides all the information you need to solve them.
It also provides real time information of what’s happening across distributed environments and use open protocols (instead of proprietary agents) to send logs. It’s 100% cloud scalable, meaning that you won’t run into infrastructure limits and will let you search through data to make sure you find what you’re looking for.
Loggly has a 14-day trial and after that you’ll be looking at one of the four pricing plans that start at $79/month for one user.
APIFortress, is a bit of a combo as it provides both REST Api and an in-depth monitoring solution. It has a beautiful interface that allows you to quickly test payloads, subsets of API traffic and much more. Using both services will give an extra layer of confidence when it comes to preventing downtimes and other issues.
It will allow you to check data in real-time and share time sensitive and critical information with your entire team while keeping a history of data for service level agreements compliance.
APIFortresscan be used as a SaaS solution or can be installed on-premise and hosted on a Linux machine. It has a 30 days trial that you can use to test their features or you get the cloud-based, scalable solution that starts at $1500/year for a single user license.
A powerful API monitor that is currently part of the Cisco product suite. Appdynamics offers real-time data visualization in a simple to comprehend and concise way allowing you to avoid user impacting experiences with out-of-the-box monitoring solutions.
With AppDynamics you can stay confident that your website is ready and able to serve users at any point in time by measuring your entire workflows, including data and user actions through Selenium-based tests.
You’ll be able to measure and track end user experience as perceived by your customers, not some proxy metric, with full resource waterfalls and page performance load times from the browser timing and navigation APIs.
AppDynamics has a 15-day trial and when you’re ready to commit pricing, starts at $3300/ year.
Runscope is a no thrills, API monitoring solution that works by preventing slow or broken APIs from affecting your service. It will schedule tests that will run from any of the 16 locations around the globe and will identify any issues within your system and send an alert immediately.
It has 4 simple pricing plans starting at $79 and features integrations with Slack, DataDog, Pagerduty, and many more. You can schedule up to 1-minute tests and up to 250000 requests. For the Small package, you can invite up to 5 team members.
Before you have to agree on a plan you can choose to test all of Runscope features for 14 days without the need of ever having to add a credit card to your account.
Unlike some of the other tools I’ve talked about in this article, Speedcurve focuses on API monitoring and RUM monitoring. It will help you measure when your most important content renders, correlate web performance with user experience and you can even benchmark your competitors.
Speedcurve will provide information on the effects of your ads and third parties API on the performance of your website and will allow you to compare synthetic and real user monitoring data allowing you to better understand and debug web performance at a page level.
Both their services cost a whopping $18 000 a year but they do also offer a few alternatives for both Synthetic and Real User monitoring as well as a Pay-as-you-Go plan that will give you a granular control over your bill. Before picking any of their services you can use their Free Trial for 30 days.
UptimeRobot is a simple uptime monitoring tool that works great, especially for small businesses and products. It provides website monitoring, SSL certificate monitoring and cron job monitoring. UptimeRobot features a custom HTTP request monitoring system that allows you to check on your third party APIs and make sure they all work as they are supposed to.
UptimeRobot has 3 plans, a free plan that allows you to run 5 minute interval checks on 50 monitors, a Pro plan that’s customizable based on your needs and features SMS and voice alerts and a third plan for Enterprise that provides a custom number of monitors and SMS alerts with high priority support.
With so many tools at your disposal, how do you decide which one is the best for you?
How to Choose the Best API Monitoring Tools
There are lots of API monitoring solutions available with features ranging from simple ping monitoring to tools that can parse, extract and verify data from the response.
The following are various features that you should look at while evaluating an API monitoring solution. Depending on your requirements, some of these features may not apply to you.
Ability to select locations where your users are from. For example, if most of your users are from India, you need the ability to run your tests from India. If you have a global user base, then schedule the tests to run from at least 5 locations around the globe.
Knowing the information about where the tests are run from will help debug some performance issues or errors. For example, if your service is running in the AWS US East region and the vendor monitors also run from the AWS region, then obviously the response will be faster.
If your service is running behind a firewall, check with the vendor if they can provide a list of IP addresses from where the tests will run, to whitelist them in your firewall.
Customize request settings
Ability to customize requests details like headers, request parameters, and request body. If you are planning to monitor lots of APIs it would be useful if there is support to declare common configuration settings and reuse them across monitors.
Response timing metrics
The response time of an API is a combination of DNS, Connect, TLS handshake, Time To First Byte, and Download times. The ability to track these individual metrics along with total response time will give better insights into the performance of the API endpoint. For example, a higher value of TTFB means there is some performance issue with backend service. An increase in DNS time denotes an issue with the DNS provider.
Ability to inspect response data to check for failures
Apart from alerting on API connection/HTTP failures, the solution should allow customization of failure conditions based on response details like headers and body. For example, we should be able to check if the response contains a specific header name and value. Support for parsing common response formats like JSON and extract and check if the value of a specific field matches the expected response will help validate the correctness of the response data.
SSL certificate expiry time
SSL certificate expiration is easy to miss. If the webpage or API fails due to SSL certificate expiry then it will impact the trust in your service. So the ability to monitor and alert before SSL certificate expiration is an important feature in API monitoring tools.
Integration with APM and Logging
An integrated solution with application metrics, logging, and API monitoring under a single roof, will help you quickly debug and understand the reason for failures or slow API response time. If the logs and metrics of the service exposing the API are present in different applications it will be difficult to correlate the information and switching between these applications to diagnose an issue will cause delays in resolving the issue.
Ability to run the monitors as part of the CI/CD pipeline. This could range from Github integration to API to invoke the tests as part of the Jenkins pipeline and verify the results. Also, the option to overlay deployment events on the metric charts will help debug changes in metric values easily.
Ability to alert when the API check fails. To minimize alert fatigue and reduce false positives we need support for multiple alert strategies like based on the run count, time range, etc.
Most of the vendors charge the API monitoring based on the number of runs. Things that might impact the number of runs are locations to test from and frequency of testing.
For example, let’s say a vendor charges 5$ for 10000 tests per month. This might look like a small amount for a large number of runs. If you want to test your API from 3 locations every 1 minute, then it will execute 129,600 times a month which will cost 64$ per month to monitor one API.
If your use case is for global monitoring of availability of your APIs then your might need a higher limit for runs. If your customers are local to a country then you might need to run the tests only from a few locations.
If your tests use secure credentials like API key, cookies and passwords make sure they are saved and used securely. This means the ability to declare some parameters as secure, storing the secured parameters in an encrypted manner, and decrypting them only when needed in the destination. Also, ensure the solution runs tests in an isolated environment since, in a SaaS environment, you might share the same infrastructure with other tests.
API Monitoring Made Easy with Sematext Synthetics
To illustrate the significance of API monitoring below are some of the real-world examples where API monitoring helped identify issues and understand the impact of software changes on API performance:
Lag in Metrics Ingestion Pipeline
At Sematext, the metrics sent from our agents go through multiple stages before getting persisted in DB and available for queries via API or UI reports. Also, we use our solutions to monitor our system.
The issue started with a below alert in Slack, informing the Metrics Query API monitor is failing:
On selecting the link, we saw the details of the failed run:
The Metrics Query API monitor queries the last 5 minutes metrics data for a Monitoring App.
Sematext Synthetics HTTP monitor allows you to add custom conditions based on the response data. In this monitor, we have added a custom condition to verify if the length of the returned metrics array should be greater than 0. i.e we should have some data for the last 5 mins.
From the above run details screen we see that even though the API returned a 200 response, there is no data in the response. With Sematext end-to-end visibility of metrics and logs, we looked into the CPU load and logs of the associated service.
Here we can see a correlation between the spikes in CPU load, Kafka commits failed messages and the Metrics Query API failure. With this, we were able to narrow down the root cause as the consumer of the Kafka message queue.
The above example shows how the ability to check for response data (correctness) rather than just rely on response code or connection success helps in identifying issues like this. Also having access to end-to-end monitoring data and logs helped us identify the root cause quickly, instead of spending time switching between separate tools for API monitoring, logging and application monitoring, and correlating the data between them.
Measuring the impact of System Migration
Recently we migrated our Logs backend from Elasticsearch 6.x to 7.x.
We provide Elasticsearch compatible APIs to query the Logs App. To monitor this API, we created a Logs Search API monitor. Sematext Synthetics HTTP monitor provides not just total response time but also reports of individual performance timings of an HTTP request like DNS Time, Connect Time, Time To First Byte (TTFB), etc.
In the below chart, we can see a significant drop in the average TTFB of Search API responses which correspond to the migration time. Also, we see during the migration around June 4th to June 15th queries took a long time to run. The small peak at the end around June 23rd is due to another migration to a minor version upgrade. This means the queries are running faster in the newer version. This helped us prove that the migration had an impact on query performance and also look into the impact on query performance during the migration.
As APIs play a crucial role in connecting modern cloud applications, it’s important to monitor the availability and performance of the APIs. This will help you build reliable APIs by identifying and resolving the issues before they affect your users.
Sematext Synthetics API monitoring solution combined with infrastructure monitoring, log management, and real user monitoring will provide an end to end platform to monitor your APIs and quickly diagnose any issues.
If you’ve already considered mixing these to cover all your bases, we have something that might help you get started. Check out the blog post where we curated some of the best log management tools or if you’re on the lookout for a RUM solution, we compared the top real user monitoring solutions too. On the other hand, if your goal is to ensure the smoothest of experiences for your users, we recommend you read RUM vs Synthetic Monitoring to learn how you can benefit from combining the two and the choose your poison from our article where we reviewed the best website performance monitoring tools that feature both types of monitoring. And if you want an all-in-one solution, check out Sematext Cloud, our cloud monitoring tool that brings logs, metrics, events, and traces together to offer end-to-end-visibility of your apps and services.
On that note, we hope this guide helped you understand the importance of API monitoring and the value it can bring to your organization.