APIs have become the de-facto standard in building and running modern applications.
They are an integral part of the automation workflow of any business and as more users rely on your APIs to power their applications, the need for them to be reliable is important. Any degradation in their health, availability, and performance will impact your business, so ensuring its reliability depends on proactively monitoring your APIs.
In this guide, we’ll explain what exactly is API monitoring and why do you need it. Different teams inside an organization can benefit from it, so we’ll also go through the key API metrics you should keep track of and how to choose the best API monitoring tool for the job.
But first things first.
What Is an API?
An Application Programming Interface (API) enables two systems to communicate with each other. It’s like a policy that states how information can be transferred between the two.
APIs are important because they make things easier for you by extending the functionalities and capabilities of tools that you’re already using without investing too much in integrations.
There are different types of APIs you could use to leverage all their potential and help your business processes:
- User-facing API – The documented and versioned APIs exposed by your application for your users to integrate your application into their workflow.
- Internal API – The APIs used by your web application frontend or other services in your system.
- Third-party API – These are the APIs that your system depends on. The web application frontend or backend system will depend on these APIs.
- Webpage URL – Although this does not fall into the category of APIs, we can use most of the API monitoring tools to monitor the webpage URLs.
Here are a few examples of APIs we use in our everyday lives:
- Social media APIs like Facebook and Twitter track your interactions within their platform as well as third parties
- Paypal is available on pretty much any store which again uses APIs to handle transactions
- Login and registration is done via internal APIs or third party Authentication APIs like auth0.com
What Is API Monitoring?
Nowadays it is common to use out-of-the-box solutions for common functionalities like Payment, ChatBots, User tracking, etc, But this comes at a disadvantage.
Using someone else’s code and infrastructure will take control out of your hand and let you and your users rely on their capabilities. As you can imagine this sparks a need to ensure they provide a fast and reliable service that would at least match yours in terms of performance.
To make sure all your APIs are up and running at all times you’ll want to setup API monitoring and here’s where Sematext shines. It allows you to keep a close eye on every API integration you have.
API monitoring is exactly that, a way to ensure all your third parties are working as expected and deliver the same quality across all services.
Why Monitor APIs
Many applications depend on APIs to carry on business transactions, which makes them critical for operations. Without knowing if your APIs are available or how are they behaving, you risk creating bottlenecks that affect application performance and end user experience. We looked closely and came up with this list of benefits you get by monitoring APIs.
The main benefit of API monitoring is you get to know when your API is down or if there is performance degradation before your customers inform you. With the right set of information, you can investigate and fix the issues faster. If you have API monitoring as part of the CI/CD pipeline, then you can catch issues before it goes to production.
Measure the impact of performance improvements
You cannot improve something that you cannot measure. API monitoring helps you verify the impact of performance improvements done in the application. With historical data of response times, we could compare the performance before and after the changes.
In DevOps culture settings Service Level Objectives (SLO) for the services is important. API monitoring helps you make sure you meet the SLOs and track the Service Level Indicators (SLI) for the service like latency and errors.
Third-party SLA monitoring
If your application depends on third-party APIs and you could monitor those APIs and make sure they are adhering to specified Service Level Agreements (SLA).
How Does API Monitoring Work
API monitoring works by periodically invoking the API from multiple locations around the globe and recording various performance timings and response details. The API monitoring process consists of the following steps:
- Configure – Configure the various parameters for the API like URL, HTTP method, request details, expected values, and locations to run the API checks.
- Run – The API is periodically invoked from the specified location with configured parameters. Then the system records the results of the API invocation like response times, HTTP status, and response details.
- Alert – Checks the actual values against the expected values in the configuration. If they do not match then mark the run as failed and send the alerts.
- Report – We generate reports on availability, response time over a period for historical analysis.
What API Metrics Should You Track?
As part of API monitoring, any good dashboard should include checkups for availability (connectivity), correctness, and performance. Among those, here are the key API metrics you should always measure:
Application API metrics
Application-specific metrics give insight into how well your application is performing independently of other metrics. These are good metrics to use for website benchmark and they are worth tracking over longer periods of time.
Requests Per Minute (RPM)
Requests per minute is a performance metric that measures the number of requests your API will handle per minute. While this is subject to change depending on the day of the week or even the time of day, RPM is the average number of requests.
Network latency is the time it takes for data or a request to go from the source to the destination. Latency in networks is measured in milliseconds. The closer your latency is to zero, the better. If your latency is high your whole website will suffer and in return, this will negatively impact your user’s experience.
Your APIs will fail, it’s not a matter of if but rather when, so it’s important to note how many times these happen. Knowing if an API, especially if it’s an external one, can fail helps you decide on a course of action that can lead you to either create certain fallback scenarios or switch the service provider altogether.
Infrastructure API metrics
Your APIs will be very dependent on how well your infrastructure is set up and how well it performs. Keeping that in mind, there are a few very important API metrics you should watch out for to ensure your APIs are performing as well as they should.
API uptime enables you to check if you can successfully send a request to the API endpoint and get a response with the expected HTTP status code. Usually, this is calculated based on the number of minutes or hours the server is available during a selected period.
Time to First Hello World
TTFHW will be quite obvious to most developers since more often than not, the first expression you write in a new programming language will output the text “hello world”. In this scenario Time to first hello world refers to the time the user needs to make his first API transaction since they landed on your web page.
Memory & CPU Usage
It’s important to measure the impact your APIs have on your servers. The two most important API infrastructure metrics to watch out for are CPU and memory usage. A high CPU usage can mean the server is overloaded which can cause severe bottlenecks.
Memory usage helps you understand the amount of resource utilization. Based on these two, you can either decide to downgrade your machine or VM, saving a few bucks, or upgrading to ease the stress you put in and to avoid causing a bottleneck.
Using API Monitoring Tools to Ensure Peak Performance
All of these can be difficult to manage and especially difficult to monitor if you don’t have the right tools at hand. Any of them can severely impact API performance. However, more often than not, such issues can easily be avoided if you get a little heads-up. That’s where API monitoring tools such as Sematext Synthetics come into play.
They will help you catch errors and build reliable APIs by identifying and resolving the issues before they reach your users. Try Sematext Synthetics and see for yourself how you can benefit.
If you want to see what other similar solutions are available on the market, you can check out our API monitoring tools review.
How to Choose the Right Solution for You
There are lots of solutions available with features ranging from simple ping monitoring to tools that can parse, extract and verify data from the response.
The following are various features that you should look at while evaluating an API monitoring solution. Depending on your requirements – who will use it and what types of metrics are they need to measure – some of these features may not apply to you.
Ability to select locations where your users are from. For example, if most of your users are from India, you need the ability to run your tests from India. If you have a global user base, then schedule the tests to run from at least 5 locations around the globe.
Knowing the information about where the tests are run from will help debug some performance issues or errors. For example, if your service is running in the AWS US East region and the vendor monitors also run from the AWS region, then obviously the response will be faster.
If your service is running behind a firewall, check with the vendor if they can provide a list of IP addresses from where the tests will run, to whitelist them in your firewall.
Customize request settings
Ability to customize request details like headers, request parameters, and request body. If you are planning to monitor lots of APIs it would be useful if there is support to declare common configuration settings and reuse them across monitors.
Response timing metrics
The response time of an API is a combination of DNS, Connect, TLS handshake, Time To First Byte, and Download times. The ability to track these individual metrics along with total response time will give better insights into the performance of the API endpoint. For example, a higher value of TTFB means there is some performance issue with the backend service. An increase in DNS time denotes an issue with the DNS provider.
Ability to inspect response data to check for failures
Apart from alerting on API connection/HTTP failures, the solution should allow customization of failure conditions based on response details like headers and body. For example, we should be able to check if the response contains a specific header name and value. Support for parsing common response formats like JSON and extract and check if the value of a specific field matches the expected response will help validate the correctness of the response data.
SSL certificate expiry time
SSL certificate expiration is easy to miss. If the webpage or API fails due to an SSL certificate expired error then it will impact the trust in your service. So the ability to monitor and alert before SSL certificate expiration is an important feature in API monitoring tools.
If you want a tool that monitors both APIs and SSL certificates, you should check out Sematext Synthetics, our synthetic monitoring tool that helps you deliver fast and reliable websites by monitoring APIs, website uptime, web transactions, and more. If you want to see how Sematext ups the ante compared to other similar solutions, you can also read this list with the best SSL certificate monitoring tools.
Integration with APM and Logging
An integrated solution with application metrics, logging, and API monitoring under a single roof, will help you quickly debug and understand the reason for failures or slow API response time.
If the logs and metrics of the service exposing the API are present in different applications it will be difficult to correlate the information and switching between these applications to diagnose an issue will cause delays in resolving the issue.
If you’re new to logging, you can start with our introductory log management guide where we discuss how it can help your use case. If you already want to combine API monitoring with application logs and metrics for optimum performance of your website or web app, and are looking for a tool that can do this, we have the tool for you! Sematext Cloud, our cloud monitoring tool, allows you to work with both logs and metrics from a single pane of glass.
Ability to run the monitors as part of the CI/CD pipeline. This could range from Github integration to API to invoke the tests as part of the Jenkins pipeline and verify the results. Also, the option to overlay deployment events on the metric charts will help debug changes in metric values easily.
Ability to alert when the API check fails. To minimize alert fatigue and reduce false positives we need support for multiple alert strategies such as based on the run count, time range, etc.
Most of the vendors charge API monitoring based on the number of runs. Things that might impact the number of runs are locations to test from and frequency of testing.
For example, let’s say a vendor charges 5$ for 10,000 tests per month. This might look like a small amount for a large number of runs. If you want to test your API from 3 locations every 1 minute, then it will execute 129,600 times a month which will cost 64$ per month to monitor one API.
If your use case is for global monitoring of your APIs’ availability, then your might need a higher limit for runs. If your customers are local to a country then you might need to run the tests only from a few locations.
If your tests use secure credentials like API keys, cookies and passwords make sure they are saved and used securely. This means the ability to declare some parameters as secure, storing the secured parameters in an encrypted manner, and decrypting them only when needed in the destination. Also, ensure the solution runs tests in an isolated environment since, in a SaaS environment, you might share the same infrastructure with other tests.
Sematext Synthetics, our synthetic monitoring tool, features all these API monitoring capabilities and more. It goes beyond API monitoring to help you ensure the peak performance of your app and deliver the best user experience possible. Here’s an example of how you can use it:
API Monitoring Made Easy with Sematext Synthetics
To illustrate the significance of API monitoring below are some of the real-world examples where it helped identify issues and understand the impact of software changes on API performance:
Lag in Metrics Ingestion Pipeline
At Sematext, the metrics sent from our agents go through multiple stages before getting persisted in DB and available for queries via API or UI reports. Also, we use our solutions to monitor our system.
The issue started with a below alert in Slack, informing the Metrics Query API monitor is failing:
On selecting the link, we saw the details of the failed run:
The Metrics Query API monitor queries the last 5 minutes of metrics data for a Monitoring App.
Sematext Synthetics HTTP monitor allows you to add custom conditions based on the response data. In this monitor, we have added a custom condition to verify if the length of the returned metrics array should be greater than 0. i.e we should have some data for the last 5 mins.
From the above run details screen we see that even though the API returned a 200 response, there is no data in the response. With Sematext end-to-end visibility of metrics and logs, we looked into the CPU load and logs of the associated service.
Here we can see a correlation between the spikes in CPU load, Kafka commits failed messages, and the Metrics Query API failure. With this, we were able to narrow down the root cause as the consumer of the Kafka message queue.
The above example shows how the ability to check for response data (correctness) rather than just rely on response code or connection success helps in identifying issues like this. Also having access to end-to-end monitoring data and logs helped us identify the root cause quickly, instead of spending time switching between separate tools for API monitoring, logging and application monitoring, and correlating the data between them.
Measuring the Impact of System Migration
Recently we migrated our Logs backend from Elasticsearch 6.x to 7.x.
We provide Elasticsearch compatible APIs to query the Logs App. To monitor this API, we created a Logs Search API monitor. Sematext Synthetics HTTP monitor provides not just total response time but also reports of individual performance timings of an HTTP request like DNS Time, Connect Time, Time To First Byte (TTFB), etc.
In the below chart, we can see a significant drop in the average TTFB of Search API responses which correspond to the migration time. Also, we see during the migration around June 4th to June 15th queries took a long time to run. The small peak at the end around June 23rd is due to another migration to a minor version upgrade. This means the queries are running faster in the newer version. This helped us prove that the migration had an impact on query performance and also look into the impact on query performance during the migration.
Whether you’re about to launch a new app or web service, building an API, or already working with one, monitoring them is crucial. Just make sure you choose the right metrics and the best API monitoring solution for your specific use case.
Try Sematext’s API monitoring tool! There’s a free 14-day free trial available for you to explore all its functionalities.