Are You Monitoring Your API Security?

by Marcelo Graciolli licensed under CC BY 2.0 There are many ways to monitor API security on the web. Some APIs might have no security – you can make a simple HTTP call and get an answer back – but if for whatever reason the data is protected or monitored, it's normal to have some form of API security. This typically takes one of two major formats – an API key, or OAuth authentication. Things get very interesting with OAuth. With OAuth 2, you can set up a scope to allow access to only certain API resources. So [...]

By | April 27th, 2017|Sectors, Support|0 Comments

Everything You Need to Know About the APImetrics CASC Score

One of the things about APIs is that they're complicated. There's a lot of things that can and do wrong. So there are many metrics that we measure for each API. That's why we came up with the CASC Score as part of our APImetrics Insights analytics package. CASC stands for Cloud API Service Consistency. But what is a CASC Score? Simply put, you don't want to know just that your API is performing. You also want to know HOW it is performing. Our CASC Score is a number between 0 and 1000 that tells you how well an API [...]

By | April 21st, 2017|Summary, Support|0 Comments

Cookie Authentication

We support Cookie Authentication using the Post-Conditions section of a test, in conjunction with a multiple-test test run. The general idea would be a test run with the follow: Call an API which creates the session In the Post-Conditions, extract cookie value in post-conditions Call other tests, add a header using the custom variable from (2). For example, if your API returns a header: 200 OK Set-Cookie: ASP.NET_SessionId=zw4ixeriskyukm5asrdh0nlv; path=/; HttpOnly … In Post-Conditions, add a variable under headers named COOKIE, with the following path: Set-Cookie|replace('; path=/; HttpOnly', '')   Then in the follow-on tests, add a header in the test [...]

By | March 10th, 2015|Feature updates, Support|0 Comments

Test Frequency – Deciding on your test frequency

One of the things that we are clear about is APImetrics is not a load nor stress testing platform.  We're focused on providing a close indication of the likely quality of the developer experience on REST based APIs.  Consequently, we actually don't test all that often, our default for our public tests is once every 15 minutes.  One of the reasons for that has been the behavior of some APIs with cached data in app queries.  Testing every 15 minutes in this case actually provides misleading good performance data. However, this isn't true for all APIs.  We're also testing the [...]

By | November 1st, 2013|News, Support|0 Comments

External Reporting API

By popular demand we've enabled an API to allow you to extract data from your reports and embed it in your own web properties as a report or dashboard.  This is going to be a premium feature, but for beta users it's available at the moment for free, and for people signing up when we go live you'll get 30 days for free. At the moment, it is fairly simple. To access it, you need create an API key by selecting "Edit Profile" from the dropdown underneath the "@<username>" menu in the top banner. To use each of the following [...]

By | October 15th, 2013|Feature updates, News, Support|0 Comments