API Security Monitoring
Integrated API Security
Make real API calls with fully integrated Authentication management:
- Save API Keys centrally with easy changing for tests
- Handles all forms of OAuth natively in the product
- OAuth 1.0
- OAuth 2.0
- OAuth 2.0 + JWT or JWS
- MTLS supported during API calls
Make real calls in the real world
Make API calls from where your users are and experience what they experience. Fully understand where errors might come from and identify potential issues or problems before they hit users.
Do your tokens last?
Verify that tokens last as expected.
Monitor OAuth Scopes
Set test conditions for OAuth scopes or geographic locks and get alerted if things work that shouldn’t. Identify security holes opening before hackers exploit them.
Work with our product and our partner, Ping Identity, for complete API security.
Diagnostics, SLAs, KPIs and more
- Automatic generation of target SLOs based on actual performance
- Integrated benchmarking to other similar types of API in similar industries
- Automated outlier detection based on API monitoring of cloud and location
- Detailed Key performance Indicator (KPI) reports
- Service Level Agreement monitoring and alerting
- Ranking and benchmarking reports against similar APIs in similar sectors
- Automated compliance reporting for regulators
- Daily, weekly and monthly automated emailed reports
Detailed API Analytics
Results are broken down into the key components of the API transaction, showing DNS lookup times, handshake, server processing times including time to first byte delivered.
APImetrics machine learning tools and AI then go to work identifying the issues you’ve missed, potential areas of concern and how you stack up against similar APIs.
Frequently Asked Questions – API Monitoring
Yes. APImetrics is hosted on a fully SOC compliant platform that meets ISO27001 and other international security standards.
We store active account data for 18 months in instant access storage and indefinitely in cold storage – if you need access to any results or history you can get as long as you’re an active customer.
By removing all identifying information from the benchmarking data we provide you with an indication of our how measure up and rank with similar APIs (by functionality and by industry) – this still allows you to understand how to measure up in terms over overall quality, speed and performance, but you don’t necessarily see the specific services you are being ranked against.
Yes. SOAP APIs are fully supported.
APImetrics supports OAuth 1.0, 2.0 and JWS and JWT natively in the product, including handling scopes and token refresh. Additionally, with workflows you can easily set up custom token provisioning scenarios.
Yes, our agents are designed to allow easy uploading of your TLS certificates for extra call security.
Yes. APImetrics provides webhook based integration into most of the leading monitoring and alerting tools like Slack, Pager Duty, OpsGenie and more. We also provide a generic API for integration into a wider range of products including your own ‘in house’ solutions.
Not directly, APImetrics was designed to tell you how your APIs are working for other people with the security they use from remote locations. You can set up a local agent to run tests from for calls inside your firewall. Just contact us for more information.