4xx Client-side Warning
4xx HTTP status codes are generated when a request is made to an endpoint that does not exist or for which the user lacks the appropriate authorization. Because these types of issues indicate that the web server receiving the request is behaving as expected, 4xx client-side warnings generally should not be included when determining the performance and quality of an API endpoint.
5xx Server Error
A 5xx server error is an actual reported error from the application server hosting the APIs.
The APImetrics software agent runs at various cloud locations around the world enabling synthetic calls to be generated as if they were being made by an end user or partner.
Although an Application Programming Interface (API) is a general concept in computer systems, in the current context we are concerned only with web APIs. A user makes an HTTP request to a published API endpoint. The request causes the web server that receives the request to return a payload containing information in a specified format or cause the state of some remote resource to be changed. APIs can thus be used to exchange useful data and information between systems.
An API call is a single HTTP request made to a particular endpoint. Details of the request and the response are stored by APImetrics for further analysis to determine the performance and quality of the endpoint.
Authentication and Authorization
Access to a particular API endpoint may depend on validating the identity of the requesting party and whether it has been granted the appropriate authorization. This might involve encrypted passwords or tokens generated and managed through a protocol such as OAuth 2.0 supplemented by a specification such as FAPI (Financial-grade API).
Closely linked to pass rate. Strictly, the availability should always be higher than the pass rate. Calls to an endpoint may not pass because of authentication and authorization issues or because the request is malformed, but the endpoint is still available. APImetrics analyzes the results and calculates pass rate and estimates availability.
An organization that provides a commercial service, hosting applications at a server. Well-known cloud providers include Google Cloud Platform (Google), Amazon Web Services (AWS), and Microsoft Azure (Azure), IBM Cloud (IBM), all of which have many locations around the world.
Internal and external network configuration, such as load balancers at the API gateway that direct requests to specific IP addresses, can have a significant impact on API performance and quality. For instance, problems with external configuration such as routing tables can cause requests to be misdirected, and load balancers can direct requests to IP addresses that do not support a particular service.
Cloud API Service Consistency (CASC) is an APImetrics-proprietary patented technology that combines various measures of API performance such as availability, latency, reliability, and a number of outliers, benchmarked against our unrivalled collection of historical API call records, to give a single blended metric much like a credit rating. The CASC score lets you see at a glance the quality of an API endpoint, whether it is getting better or worse, and how it compares to other endpoints.
|CASC Score Zone||CASC Score Range||API Status|
|8.00 or greater||API is performing well with no performance issues|
|6.00 - 7.99||API is generally performing adequately, but there are some performance issues in need of attention|
|Less than 6.00||API is peforming poorly. There are serious performance issues in need of urgent remedial attention|
|CASC score zone||CASC score range||API status|
|Green||8.00 or greater||API is performing well with no performance issues|
|Yellow||6.00-7.99||API is generally performing adequately, but there are some performance issues in need of attention|
|Red||Less than 6.00||API is performing poorly. There are serious performance issues in need of urgent remedial attention|
The CMA9 are nine large UK banks that are mandated by the Competition and Markets Authority (CMA) to expose certain Open Banking APIs and regularly return certain reports on the performance of the APIs. The banks are Allied Irish Bank, Bank of Ireland, Barclays, Danske, HSBC, Lloyds Group, Nationwide, NatWest Group, and Santander.
The time taken for a request to be downloaded from the web server to the agent.
DNS (Domain Name Server) is a global service that identifies where a particular service is located on the internet. The lookup time is the time taken for the cloud service making the API call to identify where the target server is and route the request. The different techniques used for the lookup task will affect service quality and appear as latency.
The Universal Resource Indicator (web address) that is called when you make an API call. For the API call to work you will have URI + parameters of the call + security. This task is different to simply looking up the URL of a website, where it is often just the URI that is needed.
The proportion of calls made to an API endpoint that returns an unexpected response.
Financial-grade API (FAPI) is a technical specification that the Financial-grade API Working Group of OpenID Foundation has developed. It uses OAuth 2.0 and OpenID Connect (OIDC) as its base and defines additional technical requirements for the financial industry and other industries that require higher API security.
The simplest HTTP verb (others are HEAD, POST, PUT PATCH and DELETE) that sends a request to an API endpoint that gets a resource, such as a list of account transactions. Parameters and headers allow complex requests to be made with a GET.
The time to complete the process that sets up an HTTP connection, which is called a handshake.
In general, latency is the same as total time. The latency consists of several latency components including name lookup (DNS) time, handshake time, upload time, processing time, and download time. In this report, latency is reported in milliseconds.
A measure of some aspects of API endpoint performance such as the availability or median length of a latency component.
The totality of the physical network elements that make up the systems that together comprise the internet. Includes switches, routers, and connectors such as fiber and microwave links.
An API endpoint that does not respond according to its published specification is non-conformant. Typically, this might mean that the return payload has missing fields, contains incorrect information, or the endpoint is generating errors and warnings despite the call being made according to specification.
Open Banking Implementation Entity (OBIE) is the UK entity managing standards for Open Banking within the United Kingdom.
A new global paradigm for banking, financial, and payment services that enables innovative new products and user experiences powered by data and information exchange through APIs.
The set of metrics such as availability, latency, reliability, and number of outliers that define how an API endpoint has behaved over time.
One of the components of latency is the time the server takes to process a received request before sending the response back to the end user.
Payment Services Directive 2 (PSD2) is a pan-European agreement to open payments and banking services that is applicable to all financial service providers doing business in the EU and United Kingdom. Responsibility for the implementation of regulations lies with each country.
How good an API endpoint is from the end-user perspective. Although this can be challenging to measure, blended metrics such as the APImetrics CASC score provide a quantitative benchmark, allowing organizations to compare the quality of an API endpoint over time, or compare two API endpoints at a glance.
A reliable API endpoint tends to respond within a narrow range of time. A reliable endpoint may not necessarily be fast, but the variance in its latency will be relatively small.
The rate at which data is passed along a connection such as an intercontinental undersea fiber link. The more traffic, the slower the speed of the connection.
The time between a request being made to an API endpoint and the whole of the response being received, including the name lookup (DNS) time.
The time taken for a request to be uploaded from the agent to the web server.
APIs are often updated to make changes to the way the endpoints are invoked, or the content of the payload returned. It is important to ensure that the endpoint for the correct version is invoked. Often the URI for the endpoint will contain the version.
Latest Google Workspace News
API Movers and Shakers: Your Weekly API Performance Report
Spring has sprung! And our weekly API performance report is here. For our new readers, hello! This report is culled from our API.expert data and from that info, we give you the movers and shakers in each sector. You can also see on our new slick API Directory! Don’t see your favorite APIs listed? Let […]
API Movers and Shakers: Your Weekly API Performance Report
Once again, U.S. Government APIs are not doing so well. FEMA in the US Government Collection was in the Red Zone with a CASC score of 5.72. This was primarily due to an outage on the 7th of March, which saw the requests to most endpoints timeout. There was also a scattering of failures throughout […]
Weekly API Performance Report: Movers and Shakers
Here are our highlights for the week in APIs. We tell you who’s up, who’s down, and who dropped out completely. Are the APIs you depend on included? If not, let us know and we’ll add them to our collection. And if you still haven’t signed up for a demo, what are you waiting for? […]
Ready To Start Monitoring?
Want to learn more? Check out our technical knowledge base, or our sector by sector data, or even our starters guide to the API economy. So sign up immediately, without a credit card and be running your first API call in minutes.