Your passive monitoring stack is vital in understanding how your applications, and the APIs on which the applications depend, are being used over time and how they are behaving. But there are many questions about the performance and quality of your APIs that these passive tools cannot answer. Passive monitoring can only tell you about APIs that are being used and about requests that are reaching the gateway, and cannot tell you whether the response is correct. To do this, you need an active monitoring tool. APimetrics is the perfect complement to the passive monitoring tools such as those [...]
One of the issues we frequently see is clients having issues with moving to active external monitoring from internal testing or testing through their API documentation system (like Apiary, Postman or others). The challenge is simple – if you've been making calls to your APIs from within your firewall you may not have experience in the issues that impact those calls. This post explores some of the common issues we see. Custom Endpoint Name When using our import service to pull in from a documentation system, the root URL of the API call might be specific to the documentation [...]
While REST and JSON are in vogue for APIs, there are still plenty of APIs out there using the (not-so) venerable XML-RPC specification, which dates all the way back to 1999. Yes, this is a technology that may be older than your youngest co-workers in the very near future! If you’re calling an XML-RPC API, you’ll probably using a library to wrap the actual interface, and given the age of the technology, you might be using PHP. For example, Wordpress exposes an XML-RPC API, and contains a XML-RPC library, but there are many options available, across many different languages. [...]
We know from history that API owners can be poor at communicating changes in their APIs. Twitter, for example, is known for burying the lede concerning API changes at the bottom of otherwise unrelated updates. One client also completely changed their OAuth configuration without actually telling a single user of their APIs. It completely shut off a number of applications. With early warning you can know that something is coming to get you. Or at the very least, you'll know to contact your service provider for more data – before the dependent apps and services get shut off for good. One of the values of monitoring the APIs...
by Marcelo Graciolli licensed under CC BY 2.0 There are many ways to monitor API security on the web. Some APIs might have no security – you can make a simple HTTP call and get an answer back – but if for whatever reason the data is protected or monitored, it's normal to have some form of API security. This typically takes one of two major formats – an API key, or OAuth authentication. Things get very interesting with OAuth. With OAuth 2, you can set up a scope to allow access to only certain API resources. So [...]
One of the things about APIs is that they're complicated. There's a lot of things that can and do wrong. So there are many metrics that we measure for each API. That's why we came up with the CASC Score as part of our APImetrics Insights analytics package. CASC stands for Cloud API Service Consistency. What is a CASC Score? Simply put, you don't want to know just that your API is performing. You also want to know HOW it is performing. Our CASC Score is a number between 0 and 1000 that tells you how well an API performed [...]