đź” Want to get alerted when your API stops working?
Go to Better Uptime and start monitoring your endpoints in 2 minutes.
API monitoring is an automated way of checking whether an API is functioning correctly. When API encounters issues with authentication, redirects, or returned content, the API monitoring spots the issue and alerts the right person on the development team.
How does API monitoring work?
The API monitoring process works by sending automated
HTTP requests
requests at a pre-defined frequency to the desired URL and checking for the
desired response. Depending on the API’s use case a corresponding HTTP code is
sent (usually a GET, POST, PUT or PATCH). For requests with parameters,
a specific request body can be added to the checks as well. The pre-defined
frequency depends on the specific user need but generally ranges anywhere from
30 seconds for business use-cases up to 10 or more minutes for hobby projects.
The desired response from the API endpoint is usually the 200 OK HTTP response
code (other codes might be applicable as well in specific cases). To assure the
correct function the response can be checked for a desired keyword, like a
specific parameter for example.
The authentication is automatically monitored as well since every request includes some form of user credentials. The two main authentication methods are Basic access authentication (this includes the HTTP authentication username and password) and Bearer token authentication (this includes the Bearer token). Similarly, the redirects are monitored and if there is an error along the way an API incident is created and the API monitoring tool starts alerting according to the on-call calendar.
What is an API incident?
An API incident is a period of time during which a given API service is unavailable or not functioning properly. Any users that are trying to use the API during the time of the incident will either receive an error or a wrong message.
An API incident can be also a situation where the request sent by the monitor doesn’t receive a response in a given time frame. The request timeout can be anywhere from 5 seconds to 1 minute, depending on the priority of the monitor.
How to receive API incident alerts?
After an incident is spotted by the API monitor it needs to be communicated to the service admins. This process is called incident alerting or on-call alerting. This is because, in case of an incident, the person from a team who is currently on-call (has scheduled duty) receives the incident alert.
The most common types of getting alerted by an API monitor include automated phone calls, SMS, Slack, and Microsoft Teams messages. Ways of alerting depend on factors like the importance of the monitored service, time of the day, and team preference.
What information do API alerts include?
API alerts include information about what API check went wrong and when. It also
includes information about the error that triggered the incident, specifically
the received response. This can be a simple error message (like
401 Unauthorized error) or a regular API response, that is just missing the
desired content.
API alerts also include a call to action for the on-call person to take. Those usually include the option to acknowledge the incident or to view the incident.
Process after receiving an alert? The API incident resolution process
After an alert is received it should be acknowledged immediately. If the alert is not acknowledged in a specified time frame (usually 3 minutes), the person next in line on the on-call duty is alerted. This process could continue further until the whole team is alerted. The best practice however is to have the on-call schedule set up in a way that the first team member is always ready to solve incoming incidents.
Once the incident is acknowledged the escalation process is paused and the team can fully focus on solving it. The speed by which an alert is acknowledged is called Time to acknowledge (TTA). Its average from different incidents called Mean Time to Acknowledge (MTTA) is a widely used incident management metric.
The next steps in the downtime resolution process are individual to different teams and apps. For larger teams, they can include collaborations between a few developers or even teams of developers, delegations of incidents to dedicated team members, and more. There are some best practices that should be used by all teams managing incidents. These include incident communication (both internal and external) and incident post-mortems.
Why use API monitoring?
Fix issues before they affect your users
Businesses that provide API functionality to their users can use API monitoring to make sure that their service is working correctly. Since API monitoring is a fully automated process that can run as often as every 30 seconds. The best-case scenario is that, any incidents are fixed quickly, keeping the number of affected users to a minimum.
Monitor 3rd parties integrations
API integrations like payment processing, site search, recommendation plugins, CRMs or analytics are integral in many modern applications.
Monitoring their functionality is necessary to accommodate for any performance degradations or downtime incidents. Monitoring them is also essential in both incident communication to your users and holding your vendors accountable. Although some vendors have public status pages, like status.stripe.com it's always better to double-check.
Measure SLAs guarantee
Service level agreements (SLAs) are an essential part of enterprise offerings for many software businesses. Outbidding a competitor with better availability can play a decisive role in the sales process.
Vendors can use uptime monitoring to arm themselves with data showing adherence to their SLAs. While their clients can do the same to get paid penalties when the SLAs are not adhered to.
Benchmark and plan improvements
By consistently running over a long period of time API monitoring gives a unique insight into apps performance - specifically availability and latency. This set of historical data allows to benchmark against competitors or older versions of the same apps or products.
What are the main benefits and drawbacks of API monitoring?
Benefits
- Automated with regular frequency: API monitors can run every minute, every hour, 24 hours a day, 7 days a week, the whole year. It’s a fully automated script and once set it needs little to no maintenance, while still providing the same valuable information.
- Simple to set up and use: Monitors for any API URL can be set up in minutes while providing the functionality information right from the start. Since it offers wide options for setups (request types, authorization etc.) it can be applied widely across APIs of different use cases.
- Global testing: It allows for testing from different endpoints around the world. This allows distinguishing regional errors from incidents affecting all users and allows for optimization for a global audience.
Drawbacks
- Limited downtime cause reporting: API monitoring lacks the information that could answer why the incident happened. Since it only monitors the final output and not the actual workings of the app. To get better idea about the root cause, application performance management (APM) or a log management tool needs to be used.
Where does API monitoring fit in the synthetic monitoring setup?
API monitoring is an important part of the synthetic monitoring toolbox for anyone with a public API. When it comes to website monitoring, API checks are ideally accompanied by regular uptime monitoring as well as SSL certificate checks and domain expiration checks to prevent any security issues or loss of valuable business assets respectively.
Synthetic monitoring also offers monitoring options like checking specific ports, DNS or Transaction monitoring. Check 22 synthetic monitoring tools we have tested ourselves.
How to start API monitoring in 2 minutes with Better Uptime?
Better Uptime is an infrastructure monitoring tool
that offers API monitoring. Here is how to get notified whenever an API URL
doesn’t return response for GET request including the word data.
- Once signed up, head to Monitors → Create monitor
- Enter your API URL in the URL to monitor field
- Change Alert us when the host above selection to Doesn't contain a keyword
- Enter your keyword (eg.
data) in the Keyword to find in page input - Select an authentication method: either use Basic access authentication or Bearer token authentication
- Select the way how you want to get alerted, be it a phone call, Slack notification or an email
- Click create monitor
For more information, explore Better Uptime docs .
Jenda leads Growth at Better Stack. For the past 5 years, Jenda has been writing about exciting learnings from working with hundreds of developers across the world. When he's not spreading the word about the amazing software built at Better Stack, he enjoys traveling, hiking, reading, and playing tennis.
Got an article suggestion?
Let us know
Next article
What is SSL Certificate Monitoring?
Learn what is SSL certificate monitoring, how does it work, what are the benefits and drawbacks and how to set it up.
→
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Make your mark
Join the writer's program
Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.
Write for usWriter of the month
Marin Bezhanov
Marin is a software engineer and architect with a broad range of experience working...
Build on top of Better Stack
Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email.
community@betterstack.comor submit a pull request and help us build better products for everyone.
See the full list of amazing projects on github