Technical Challenges of OpenID FAPI JWT and Open Banking

The worst thing a specification can do is not specify something. The recent retirement of OB Legacy certificates has caused trouble in the Open Banking UK world. With a hard deadline of June 30, 2021, some institutions were still working in the last three weeks to complete the change. After having finished their transfer, others turned off the old certificate support weeks ago, essentially cutting off any integration that hadn’t been updated. However, the remaining number struggled with the lack of specs for handling secure APIs and communicating information in a standardized way. Some Background – OpenID FAPI JWT: Using Financial-grade API (FAPI) [...]

2021-07-07T17:02:39-07:00 | Programming Tips

Simple Cross Cloud API Performance Data

Or... how to fine-tune your containers. Have you ever wanted to know if you've picked the right cloud or location for the job when you're building an application? Well, wonder no more: one of the features of (hassle free, code free monitoring) is the ability to see how a particular endpoint works from every public cloud data center from AWS, Azure, Google and IBM. And, if you're wondering why cross cloud API performance might matter for you, consider this: we see as much as 2 seconds per transaction difference between the BEST and WORST data centers for many leading APIs. [...]

2021-07-07T15:54:37-07:00 | Programming Tips

Why API Monitoring?

One of the questions we get asked all the time is the deceptively simple: Why API monitoring? After all, companies and DevOps groups use LOTS of different monitoring tools. There’s the tool suite that comes with their Amazon or Microsoft Cloud instance. There are stack monitoring tools for their backend, like New Relic or AppDynamics. There are the tools built into Axway or Apigee gateways. Then there are whole sets of web tools, from simple pings of a website to complex scripting tools, and a whole range of options for monitoring the network itself. [...]

KPIs, SLOs and Other API TLAs

There's a fascinating article over at Medium on API Key Performance Indicators (KPIs) by Michael Leppitsch, who works on Digital Strategies for Global Enterprises at Google Cloud. Here at APImetrics, we are very interested in API Service Level Objectives (SLOs). What's the difference between an SLO and a KPI? SLOs are generally part of a Service Level Agreement (SLA), which is typically made between two parties, one exposing the API and the other consuming it. KPIs aren't the only measure: A KPI could be the same as an SLO, for instance, that the median latency of an API be less [...]

2020-07-09T14:13:16-07:00 | Programming Tips, Opinion

Active + Passive Monitoring = Rapid Problem Resolution

Let’s take a real example from a customer. One of their users logged a service complaint, and the internal SRE (Service Reliability Engineering) team checked their passive monitoring. Server logs in Splunk...

APImetrics + Your Passive Monitoring Stack

Your passive monitoring stack is vital in understanding how your applications, and the APIs on which the applications depend, are being used over time and how they are behaving. But there are many questions about the performance and quality of your APIs that these passive tools cannot answer. Passive monitoring can only tell you about APIs that are being used and about requests that are reaching the gateway, and cannot tell you whether the response is correct. To do this, you need an active monitoring tool. APImetrics is the perfect complement to the passive monitoring tools such as those [...]

2018-03-30T10:44:13-07:00 | Programming Tips, Support

200 OK? Check Again.

Something we've talked a LOT about is when an API returns an HTTP 200 OK code, but the API returns an error. This can be a challenge for a gateway's passive monitoring and backend services to spot because, technically, nothing went wrong. Take a look at one we had just this morning from the APIs for a major IoT provider.

    HTTP/1.1 200 OK
    Date: Wed, 21 Mar 2018 09:10:52 GMT
    Server: Apache
    Vary: Accept-Encoding

    { "status": 2XXX, "body": {}, "error": "An unknown error occurred: Maintenance mode, please check" }

It's vital to have active monitoring that not only [...]

2018-03-23T09:47:05-07:00 | Opinion, Programming Tips

Active Monitoring and API Documentation (Or, “Why Doesn’t My Call Work?”)

One of the issues we frequently see is clients having issues with moving to active external monitoring from internal testing or testing through their API documentation system (like Apiary, Postman or others). The challenge is simple – if you've been making calls to your APIs from within your firewall you may not have experience in the issues that impact those calls. This post explores some of the common issues we see. Custom Endpoint Name: When using our import service to pull in from a documentation system, the root URL of the API call might be specific to the documentation [...]

API Update Failure: Or, Beware Of The Leopard

One of the ongoing potential API update failures is handling situations that commonly happen whenever you have to update them. Updating an API is a perfectly natural thing to do. In fact, often you have to update an API for essential reasons – security changes, new features and more. But if you’re coming from an enterprise background, where APIs are generally only for internal use, it's very easy to forget that there are others dependent on them. So when considering potential API update failure modes, you’re looking at processes and strategies that you need in place for the following: Updating [...]

2018-03-16T13:27:31-07:00 | Programming Tips, Opinion

Going SLO: Service Level Agreements and Service Level Objectives

APImetrics is a tool for monitoring the performance and quality of APIs. There are lots of good reasons why you should do that, but one particularly important one is to see if an API meets its Service Level Agreement (SLA). But as a team of Google engineers point out in their O'Reilly book Reliability Engineering: How Google Runs Production Systems, an SLA is actually a legal document (or, in the case of an internal API, a formal agreement between business units). So, the whole SLA places a legal wrapper around one or more Service Level Objectives (SLOs). For an API, [...]

2018-03-27T18:25:09-07:00 | Opinion, Programming Tips