We have lurched out of April and into yet another month of the COVID-19 crisis (we are going to be in that for a good while yet). And that time has arrived when we must discourse on the State of the APIs over the past month.
We recently launched API.expert as a simple way to provide everybody with insights into the API economy and the leading APIs in different categories in particular. The basic service is free and will remain free, but other, related services will be built on top of it, including your very own API.expert dashboards if you want them!
Each week, month and year we’ll look at the APIs we track in a variety of sectors for their quality (using our patented (US Patent 10,644,962) CASC score, which allows you at a glance to see the performance of an API and compare it to other ones) as well as factors like uptime and availability.
If something is missing that you think should be here, don’t hesitate to drop us a line!
Now, onto what the past month tells us about the state of the world of APIs in the second quarter of 2020.
API Performance Headlines
We look at over 200 APIs but pull all the metrics together to give you a general feeling for the service quality for an organization’s APIs in a particular category.
We do see that certain providers consistently vie for top spot in their category including GitHub and Google with others doing less well such as Cisco’s Spark services.
Month of April, 2020
|Corporate Infrastructure||Pivotal Tracker||945|
|Covid-19||ECDC (European Centre for Disease Prevention and Control)||861|
|PSD2 Banks||ABN AMRO Bank||961|
|UK Open Banking (Open Data)||Bank of Ireland||971|
Four changes this month:
- Pivotal Tracker replacing GitHub at the top of Corporate Infrastructure
- HitBTC replacing LATOKEN, which plunges to 16th place out of 18 with a CASC score of just 588, placing it firmly in the Red Zone
- In Cryptocurrency Exchanges, Google eplacingTwitter in Social Networks
- FDA eplacingDepartment of Justice in US Government
After a more stable month in March, we saw a fairly volatile month in April. In 5 out of the 9 categories, the top API has managed to sustain as CASC score of over 950 for a whole month, which is an excellent showing on their parts.
A CASC score of over 900 is very good and one of 950 or more exceptional. Sustaining a CASC score of >925 over a period of several weeks is a good showing and congratulations to those organizations that achieved it.
Top performers by latency
Month of April, 2020
|Corporate Infrastructure||Microsoft Office||234 ms|
|Covid-19||WHO (World Health Organization)||113 ms|
|Cryptocurrency Exchanges||FTX||223 ms|
|PSD2 Banks||Nordea Bank||175 ms|
|Social Networks||119 ms|
|UK Open Banking (Open Data)||HSBC||86 ms|
|UK Government||Police.UK||76 ms|
|US Government||Department of Justice||85 ms|
Just two changes since March:
- Microsoft Office replacing Slack in Corporate Infrastructure
- Nordea Bank replacing Open Bank Project in PSD2 Banks
FTX are first again for latency in Cryptocurrency Exchanges, but again only 8th out of 18 overall albeit with a respectable CASC score of 834.
Worst quality across all categories
Month of April, 2020
|Corporate Infrastructure||Nobody below 800!|
|Cryptocurrency Exchanges||Oasis Dex||236|
|Search||Nobody below 800!|
|Social Networks||Nobody below 800!|
|UK Open Banking (Open Data)||Halifax||699|
|US Government||Department of Commerce||562|
No significant changes from last month with just Corporate Infrastructure no longer having anybody below 800. In the new category of COVID19-Tracker-REST-API takes the wooden spoon from Oasis Dex with a CASC score of just 114.
As we have seen for the last few weeks and months, bad APIs tend to stay bad. All of these APIs would benefit from a little (or a lot of) TLC.
Something of interest
Visa took the worst place spot in the PSD2 Banks category for April. But what it is doing wrong is actually quite interesting.
What matters to the end-user is whether an API endpoint returns the correct information in a timely fashion. Some might like to claim that “Everything is going to be 200 OK”. But that is, of course, nonsense.
Now, in a properly set-up REST API, if there is an issue at the gateway or the server, a HTTP status code 4xx (client-side issues) or 5xx (server-side ones) should be returned. But you can have a situation in which there is a bug, so that the expected information isn’t returned.
That’s why you should, ideally, always check that returned payload contains what is expected using the conditions functionality in APImetrics.
Some systems however still rely on legacy functionality implemented with SOAP APIs. (It seems that old software neither dies or even barely fade away.) SOAP APIs will always (well, almost always) return a 200. But the problem is that you don’t know whether the return payload is actually an error message associate with, for instance, authentication and authorization, which should really return a 4xx, or one with a server-side issue, which should return a 5xx.
So just looking at the HTTP status code doesn’t tell you anything. It is always going to be a 200. So, with SOAP, it is absolutely essential to check the payload.
And this is what we do in our tests. We check to see if the response includes various JSON fields and if doesn’t then, the call is marked as a fail even through a HTTP status code 200 is returned. That way we can calculate the true pass rate of the API. And you can see at a glance whether each call really has behaved as expected or not.
See you again in a month as we assess how matters have gone in May.