One of the questions we get asked all the time is the deceptively simple:
Why API monitoring?
After all, companies and DevOps groups use LOTS of different monitoring tools. There’s the tool suite that come with their Amazon or Microsoft Cloud instance. There are stack monitoring tools for their backend, like New Relic or App Dynamic. There are the tools built into Axway or Apigee gateways. Then there are whole sets of web tools, from simple pings of a website to complex scripting tools, and a whole range of options for monitoring the network itself. And, finally, there are other tools to make sense of the data and look for things.
Doesn’t that cover it?
The short answer is: no.
Your API is not a website
It looks like a web call, so why not treat it like one? Between the various flavors of OAuth, Mutual TLS on the client side, and simple API keys, getting a meaningful response back can be a challenge. Essentially it’s doing a different thing, in a different way, with significantly different security. Then there are the responses – what does come back? Text, JSON, XML?
Isn’t a ‘ping’ enough?
The ping tells you the server responded as expected. But it doesn’t tell you much else. Is the content correct? Did you get back what you wanted? If a regulator expects you to return 1800 items, can you instantly spot if you only sent 3? If you have a travel site, are you sending all the hotels you should for a given date? Missing functional errors leaves the door open to poor experiences and even regulatory compliance fines!
My gateway or stack tool does this
Your gateway and/or stack tool verifies what you’re sending – but there are several things it doesn’t tell you. If you go down during a period of light load, you may miss that you’re down until load returns to normal, causing a simple fix to become a full blown fire drill. If you stop returning the correct content, or something further down the chain breaks and traffic stops flowing, there might not be anything wrong in any particular section, but the systems may not see the errors. We see this a lot in legacy based systems like banking.
We have networking tools for this
Your networking tools are great for optimizing traffic around the internet, but they aren’t designed to spot application layer problems like an API can be. If everything generally works except for calls made form a specific cloud in a specific geography, you might not notice that you don’t get much traffic from there, and that the reason for this is your sub-optimal performance. Likewise, if you fundamentally do not work with a particular service, like Azure for example, you need to tell developers and customers not to build on that stack.
Where API metrics comes in (the space in there is deliberate!)
By analyzing, in real time, the API metrics like HTTP code, content validation, networking breakdown, from around the world and the cloud – and generating a simple trend based score from that data – APImetrics identifies outliers and performance problems before they impact users, or become a regulatory compliance hassle.
Don’t get caught out by your APIs under performing, or worse, APIs you depend on but don’t own or control underperforming. Get on top of API performance monitoring today with a product built from the ground up to solve this very real problem. Whether it’s what Service Level you actually get and not what the SLA says, or making sure you can prove API compliance to a regulator or watch dog or buyer, get things monitored!
So, to answer the question: why API monitoring? Because you need it.
Image licensed under Creative Commons License – author unknown