Apica Docs
  • Welcome to Apica Docs!
  • PRODUCT OVERVIEW
    • Ascent Overview
    • Ascent User Interface
  • TECHNOLOGIES
    • Ascent with Kubernetes
      • Kubernetes is a Game-Changer
      • Ascent: Built on Kubernetes
    • Ascent with OpenTelemetry
      • Why Implement OpenTelemetry?
      • Common Use Cases for OpenTelemetry
      • How to Get Started with OpenTelemetry
      • Best Practices for OpenTelemetry Implementations
  • RELEASE NOTES
    • Release Notes
      • Ascent 2.10.4
      • Ascent 2.10.3
      • Ascent 2.10.2
      • Ascent 2.9.0
      • Ascent 2.8.1
      • Ascent 2.8.0
      • Ascent 2.7.0
      • Ascent 2.6.0
      • Ascent 2.5.0
      • Ascent 2.4.0
      • Ascent 2.3.0
      • Ascent 2.2.0
      • Ascent 2.1.0
        • Data Fabric
          • Releases-old
        • Synthetic Monitoring
        • Advanced Scripting Engine
        • IRONdb
      • Synthetic Monitoring
  • GETTING STARTED
    • Getting Started with Ascent
      • Getting Started with Metrics
      • Getting Started with Logs
        • OpenTelemetry
    • Ascent Deployment Overview
    • Quickstart with Docker-Compose
    • On-Premise PaaS deployment
      • On-Premise PaaS Deployment Architecture
      • Deploying Apica Ascent PaaS on Kubernetes
      • Deploying Apica Ascent PaaS on MicroK8s
      • Deploying Apica Ascent PaaS on AWS
      • Deploying Apica Ascent EKS on AWS using CloudFormation
      • Deploying Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis using Cloud Formation
        • Deploying Apica Ascent on AWS EKS with Aurora PostgreSQL and ElastiCache Redis using CloudFormation
        • Apica Ascent on AWS EKS (Private Endpoint) with Aurora PostgreSQL and ElastiCache Redis on prod VPC
      • Deploying Apica Ascent EKS on AWS using custom AMI
      • Deploying Apica Ascent EKS with AWS ALB
      • Deploying Apica Ascent PaaS in Azure Kubernetes Service
        • Azure Blob Storage Lifecycle Management
      • Deploying Apica Ascent with OpenShift
    • Boomi RTO Quick Start Guide
      • RTO Dashboarding
      • Alerting on RTO Metrics
      • Alerting on RTO Logs
    • Dashboards & Visualizations
  • DATA SOURCES
    • Data Source Overview
    • API
      • JSON Data source
      • RSS
    • AWS
      • Amazon Athena
      • Amazon CloudWatch ( YAML )
      • Amazon Elasticsearch Service
      • Amazon Redshift
      • MySQL Server (Amazon RDS)
    • NoSQL Data Sources
      • MongoDB
    • OLAP
      • Data Bricks
      • Druid
      • Snowflake
    • SQL Data Sources
      • PostgreSQL
      • Microsoft SQL Server
      • MySQL Server
    • Time Series Databases
      • Prometheus Compatible
      • Elasticsearch
      • InfluxDB
    • Ascent Synthetics
      • Checks
    • Ascent Logs
      • Logs
  • INTEGRATIONS
    • Integrations Overview
      • Generating a secure ingest token
      • Data Ingest Ports
    • List of Integrations
      • Apache Beam
        • Export Metrics to Prometheus
          • Pull Mechanism via Push-Gateway
        • Export Events to Apica Ascent
      • Apica ASM
      • Apica Ascent Observability Data Collector Agent
      • AWS
        • AWS CloudWatch
        • AWS ECS
          • Forwarding AWS ECS logs to Apica Ascent using AWS FireLens
          • ECS prometheus metrics to Apica Ascent
        • AWS S3
      • Azure
        • Azure Databricks
        • Azure Eventhub
        • Azure Event Hubs
      • Docker Compose
      • Docker Swarm logging
      • Docker Syslog log driver
      • F5 Big-Ip System
      • Filebeat
      • Fluent Bit
        • Forwarding Amazon-Linux logs to Apica Ascent using Fluent Bit
        • Fluent Bit installation on Ubuntu
        • Enabling IoT(MQTT) Input (PAAS)
        • IIS Logs on Windows
      • Fluentd
      • FortiNet Firewalls
      • GCP PubSub
      • GCP Cloud Logging
      • IBM QRadar
      • ilert
      • Incident Management
        • Webhooks
      • Jaeger
      • Kafka
      • Kinesis
      • Kubernetes
      • Logstash
      • MQTT
      • Network Packets
      • OpenTelemetry
      • Object store (S3 Compatible)
      • Oracle OCI Infrastructure Audit/Logs
      • Oracle Data Integrator (ODI)
      • OSSEC Variants (OSSEC/WAZUH/ATOMIC)
        • Apica Ascent-OSSEC Agent for Windows
      • Palo Alto Firewall
      • Prometheus
        • Spring Boot
        • Prometheus on Windows
        • Prometheus Remote Write
        • MongoDB Exporter
        • JMX Exporter
      • Rsyslogd
      • Syslog
      • Syslog-ng
      • Splunk Universal Forwarder
      • Splunk Heavy Forwarder
      • SNMP
      • Splunk Forwarding Proxy
      • Vault
        • Audit Vault Logs - AWS
        • Audit Vault Logs - OCI
        • Audit Vault Metrics
    • Apica API DOCS
  • DATA MANAGEMENT
    • Data Management Overview
    • Data Explorer Overview
      • Query Builder
      • Widget
      • Alerts
      • JSON Import
      • Creating Json Schema
        • Visualization
          • Line chart
          • Bar chart
          • Area chart
          • Scatter chart
          • Status chart
          • Counter chart
          • Stat chart
          • Size chart
          • Dense Status chart
          • Honeycomb chart
          • Gauge chart
          • Pie chart
          • Disk chart
          • Table chart
          • Date time chart
      • Time-Series AI/ML
        • Anomaly Detection
        • Averaging
        • Standard Deviation(STD)
      • Data Explorer Dashboard
        • Create a Dashboard
        • Editing Dashboard
          • Dashboard level filters
    • Timestamp handling
      • Timestamp bookmark
    • Large log/events/metrics/traces
  • OBSERVE
    • Monitoring Overview
      • Connecting Prometheus
      • Connecting Amazon Managed Service for Prometheus
      • Windows Redis Monitoring
      • Writing queries
        • Query Snippets
      • Query API
      • Use Apica API to ingest JSON data
    • Distributed Tracing
      • Traces
      • Spans
      • Native support for OTEL Traces
      • Windows .NET Application Tracing
      • Linux+Java Application Tracing
    • Log Management
      • Terminology
      • Explore Logs
      • Topology
      • Apica Ascent Search Cheat Sheet
      • Share Search Results
      • Severity Metrics
      • Log2Metrics
      • Native support for OTEL Logs
      • Reports
        • Accessing Reports results via API
      • Role-Based Access Control (RBAC)
      • Configuring RBAC
    • AI and LLM Observability
      • AI Agent Deployment
      • Ascent AI Agent Monitoring
      • Ascent Quick Start Guide
    • Synthetic Check Monitoring
      • Map View
      • List View
      • Alerting for Check Results
  • Flow
    • Overview
    • Pipeline Management
      • Configuring Pipelines
      • Visualize Pipelines
      • Pipeline Overview Dashboard
      • Forwarding Data
    • OpenTelemetry Ingest
      • OpenTelemetry Logs / Traces
      • OpenTelemetry Metrics
        • Transforming Metrics through Code Rules
    • Vault
      • Certificates
      • Variables
      • Lookups
    • Rules
      • FILTER
      • EXTRACT
      • SIEM and TAG
      • REWRITE
      • CODE
      • FORWARD
        • Rename Attributes
      • STREAM
    • Functions
      • ascent.encode
      • ascent.decode
      • ascent.persist
      • Ascent.variables
      • ascent.crypto
      • Ascent.mask
      • Ascent.net
      • Ascent.text
      • Ascent.time
      • Ascent.lookups
    • List of Forwarders
    • OpenTelemetry Forwarding
      • Metrics
      • Traces
      • Logs
    • Splunk Forwarding
      • Apica UF Proxy App Extension
        • Standalone Instance
        • List of Indexer Instances
        • Indexer Discovery
      • Splunk HTTP Event Collector (HEC) Forwarder
        • Metric Indexes
        • Non Metric Indexes
      • Splunk Syslog Forwarding
    • Real-Time Stream Forwarding
      • AWS Kinesis
      • Azure Eventhub
      • Google Pub/Sub
    • Security Monitor Forwarding
      • Arc Sight
      • RSA New Witness
    • Forwarding to Monitoring Tools
      • Datadog Forwarding
      • New Relic Forwarding
      • Dynatrace Forwarding
      • Elasticsearch Forwarding
      • Coralogix Forwarding
      • Azure Log Analytics Forwarding
    • Object Store Forwarding
      • S3 Compatible
      • Azure Blob Storage
    • Forwarding to Data Warehouse
      • GCP Bigquery
  • Customized Forwarders
    • JS Code Forwarding
  • LAKE
    • Powered by Instastore™
  • FLEET MANAGEMENT
    • Overview
    • Agents
    • Configurations
    • Packages
    • Fleet Repository Management
    • Advanced Search
    • List of Agents
      • Datadog Agent
      • Fluent-bit Agent
      • Grafana Alloy
      • OpenTelemetry Collector
      • OpenTelemetry Kubernetes
      • Prometheus Agent
  • COMMAND LINE INTERFACE
    • apicactl Documentation
  • AUTONOMOUS INSIGHTS
    • Time Series AI-ML
      • Anomaly Detection
      • Averaging
      • Standard Deviation(STD)
      • Forecasting
      • AI-ML on PromQL Query Data Set
      • Statistical Data Description
    • Pattern-Signature (PS)
      • Log PS Explained
        • Unstructured Logs
        • Semi-structured JSON
        • Reduce Logs Based on PS
        • Log PS Use Cases
          • Log Outlier Isolation
          • Log Trending Analysis
          • Simple Log Compare
      • Config PS
        • Config JSON PS
    • ALIVE Log Visualization
      • ALIVE Pattern Signature Summary
      • ALIVE Log Compare
    • Log Explained using Generative AI
      • Configuring Generative AI Access
      • GenAI Example Using Log Explain
    • Alerts
    • Alerts (Simple/Anomaly)
    • Alerts On Logs
    • Rule Packs
    • AI-powered Search
  • PLATFORM DOCS
    • Synthetic Monitoring Overview
      • Getting Started with ASM
        • Achieving 3 Clicks to Issue Resolution via ASM
        • FAQ - Frequently Asked Questions
        • Creating A New Check
          • Creating a New Real Browser Check
      • Explore the Platform
        • API Details
        • Check Types
          • Android Check
          • Command Check
          • Compound Check
          • Browser Check
          • Desktop Application Check
          • AWS Lambda Check
          • DNS Resolver Check
          • DNS Security Check
          • Domain Availability Check
          • Domain Delegation Check
          • Domain Expiration Date Check
          • Hostname Integrity Check
          • iPad Check
          • iPhone Check
          • Ping Check
          • Port Check
          • Postman Check
          • Response Time Check
          • SSL Certificate Expiration Check
          • Scripted Check
        • Dashboards
        • Integrations
          • DynaTrace Integration
          • Google Analytics Integration
          • Akamai Integration
          • Centrify Integration
          • AppDynamics Integration
          • PagerDuty Integration
          • ServiceNow Integration
          • Splunk Integration
        • Metrics
          • Analyze Site
          • Result Values
          • Trends
          • Analyze Metrics
        • Monitoring
          • Integrating ASM Metrics into Grafana Using Apica Panels
            • Understanding the ASM Imported Dashboards
            • Using the Apica Panels Dashboards
          • Understanding ASM Check Host Locations
        • Navigation
          • Manage Menu
        • Reports
        • Use Cases
      • Configurations
        • Configuring Checks
          • Understanding Check Results
            • Understanding ZebraTester Check Results
            • Understanding Browser Check Results
            • Understanding Check Details
          • Editing Checks
            • Editing Browser Checks
            • Editing ZebraTester Checks
          • Using Regular Expressions Within the ASM Platform
          • Understanding the Edit Scenario Page
          • Comparing Selenium IDE Scripts to ASM Scenarios
          • Configuring Apica DNS Check Types
          • Implementing Tags Effectively Within ASM
          • Storing and Retrieving Information Using the ASM Dictionary
        • Configuring Users
          • Configuring SSO Within ASM
        • Configuring Alerts
          • Configuring Webhook Alerts
      • How-To Articles
        • ASM Monitoring Best Practices
        • API Monitoring Guide
        • IT Monitoring Guide
        • Monitor Mission-Critical Applications through the Eyes of Your Users
        • How To Mask Sensitive Data in ASM
        • How to Mask Sensitive Data When Using Postman Checks
        • How to Handle URL Errors in a Check
        • How To Set Up SSO Using Azure AD
        • How to Set Up SSO Using Centrify
        • ASM Scenarios How-To
          • How To Pace a Selenium Script
          • How to Utilize XPath Within a Selenium Script
          • How to Mask Sensitive Information Within an ASM Scenario
          • Handling Elements Which Do Not Appear Consistently
          • How to Handle HTML Windows in ASM Scenarios
    • ZebraTester Scripting
      • ZebraTester Overview
      • Install ZebraTester
        • Download ZebraTester
          • Core ZebraTester V7.5-A Documentation
          • Core ZebraTester V7.0-B Documentation
          • Core ZebraTester V7.0-A Documentation
          • Core ZebraTester V5.5-Z Documentation
          • Core ZebraTester V5.5-F Documentation
        • Download the ZebraTester Recorder Extension
        • Windows Installation
          • ZebraTester on Windows
          • Generate Private CA Root Certificate
          • Windows System Tuning
          • Install a new ZT version on Windows Server
          • Install/Uninstall ZT Windows Installer Silently
        • macOS Installation
          • macOS Preinstallation Instructions
          • Generate Private CA Root Cert (macOS X)
          • System Tuning (macOS)
          • Import a CA Root Certificate to an iOS device
          • Memory Configuration Guidelines for ZebraTester Agents
      • ZebraTester User Guide
        • Menu and Navigation Overview
        • 1. Get a Load Test Session
          • Recording Web Surfing Sessions with ZebraTester
            • Further Hints for Recording Web Surfing Sessions
            • Recording Extension
              • Record Web Session
              • Cookies and Cache
              • Proxy
              • Page Breaks
              • Recording Extension Introduction
              • Troubleshooting
            • Add URL to ZebraTester
            • Page Scanner
          • Next Steps after Recording a Web Surfing Session
        • 2. Scripting the Load Test Session
          • 1. Assertions - HTTP Response Verificaton
          • 2. Correlation - Dynamic Session Parameters
            • 2b. Configuring Variable Rules
            • 2a. Var Finder
          • 3. Parameterization: Input Fields, ADR and Input Files
            • ADR
          • 4. Execution Control - Inner Loops
          • 5. Execution Control - URL Loops
          • 6. Execution Control -User-Defined Transactions And Page Breaks
          • 7. Custom Scripting - Inline Scripts
          • 8. Custom Scripting - Load Test Plug-ins
            • ZebraTester Plug-in Handbooks
          • Modular Scripting Support
        • 3. Recording Session Replay
        • 4. Execute the Load Test
          • Executing a First Load Test
          • Executing Load Test Programs
            • Project Navigator
              • Configuration of the Project Navigator Main Directory
            • Real-Time Load Test Actions
            • Real-Time Error Analysis
            • Acquiring the Load Test Result
            • More Tips for Executing Load Tests
          • Distributed Load Tests
            • Exec Agents
            • Exec Agent Clusters
          • Multiple Client IP Addresses
            • Sending Email And Alerts
            • Using Multiple Client IP Addresses per Load-Releasing System
        • 5. Analyzing Results
          • Detail Results
          • Load Test Result Detail-Statistics and Diagrams
          • Enhanced HTTP Status Codes
          • Error Snapshots
          • Load Curve Diagrams
          • URL Exec Step
          • Comparison Diagrams
            • Analysis Load Test Response Time Comparison
            • Performance Overview
            • Session Failures
        • Programmatic Access to Measured Data
          • Extracting Error Snapshots
          • Extracting Performance Data
        • Web Tools
        • Advanced Topics
          • Execute a JMeter Test Plan in ZebraTester
          • Credentials Manager for ZebraTester
          • Wildcard Edition
          • Execution Plan in ZebraTester
          • Log rotation settings for ZebraTester Processes
          • Modify Session
          • Modular Scripting Support
          • Understanding Pacing
          • Integrating ZebraTester with GIT
            • GitHub Integration Manual V5.4.1
      • ZebraTester FAQ
      • ZebraTester How-to articles
        • How to Combine Multiple ZebraTester Scripts Into One
        • Inline Scripting
        • How to Configure a ZebraTester Script to Fetch Credentials from CyberArk
        • How to Configure a ZebraTester Scenario to Fetch Credentials from CyberArk
        • How to Convert a HAR file into a ZebraTester Script
        • How to Convert a LoadRunner Script to ZebraTester
        • How to Import the ZT Root Certificate to an iOS device
        • How to iterate over JSON objects in ZebraTester using Inline Scripts
        • How to round a number to a certain number of decimal points within a ZebraTester Inline Script
        • How to Use a Custom DNS Host File Within a ZebraTester Script
        • How to Move a ZebraTester Script to an Older Format
        • API Plugin Version
        • Setting up the Memu Player for ZebraTester Recording
        • Inline Script Version
      • Apica Data Repository (ADR) aka Apica Table Server
        • ADR related inline functions available in ZT
        • Apica Data Repository Release Notes
        • REST Endpoint Examples
        • Accessing the ADR with Inline Scripts
      • ZebraTester Plugin Repository
      • Apica YAML
        • Installing and Using the ApicaYAML CLI Tool
        • Understanding ApicaYAML Scripting and Syntax
    • Load Testing Overview
      • Getting Started with ALT
      • Creating / Running a Single Load Test
      • Running Multiple Tests Concurrently
      • Understanding Loadtest Results
    • Test Data Orchestrator (TDO)
      • Technical Guides
        • Hardware / Environment Requirements
        • IP Forwarding Instructions (Linux)
        • Self-Signed Certificate
        • Windows Server Install
        • Linux Server Install
        • User Maintenance
        • LDAP Setup
        • MongoDB Community Server Setup
        • TDX Installation Guide
      • User Documentation
        • End User Guide for TDO
          • Connecting to Orson
          • Coverage Sets and Business Rules
          • Data Assembly
          • Downloading Data
        • User Guide for TDX
          • Connecting to TDX
          • Setting up a Data Profile
          • Extracting Data
          • Analyzing Data Patterns
          • Performing Table Updates
        • API Guide
          • API Structure and Usage
          • Determining Attribute APIs
            • Create Determining Attribute (Range-based)
            • Create Determining Attribute (Value-based)
            • Update Determining Attributes
            • Get Determining Attribute Details
            • Delete a Determining Attribute
          • Coverage Set API’s
            • Create Coverage Set
            • Update Coverage Set
            • Get All Coverage Set Details
            • Get Single Coverage Set Details
            • Lock Coverage Set
            • Unlock Coverage Set
            • Delete Coverage Set
          • Business Rule API’s
            • Create Business Rule
            • Update Business Rule
            • Get Business Rule Details
            • Get All Business Rules
            • Delete Business Rule
          • Workset API's
            • Create Workset
            • Update Workset
            • Get All Worksets
            • Get Workset Details
            • Unlock Workset
            • Clone Workset
            • Delete Workset
          • Data Assembly API's
            • Assemble Data
            • Check Assembly Process
          • Data Movement API's
            • Ingest (Upload) Data Files
            • Download Data Files
              • HTML Download
              • CSV Download
              • Comma Delimited with Sequence Numbers Download
              • Pipe Delimited Download
              • Tab Delimited with Sequence Numbers Download
              • EDI X12 834 Download
              • SQL Lite db Download
              • Alight File Format Download
          • Reporting API's
            • Session Events
            • Rules Events
            • Coverage Events
            • Retrieve Data Block Contents
            • Data Assembly Summary
        • Workflow Guide
        • TDO Project Builder User Guide
          • Project Design
          • Projects
            • Select Existing Project
            • Create a New Project
        • Format Function Guide
      • Release Notes
        • Build 1.0.2.0-20250213-1458
  • IRONdb
    • Getting Started
      • Installation
      • Configuration
      • Cluster Sizing
      • Command Line Options
      • ZFS Guide
    • Administration
      • Activity Tracking
      • Compacting Numeric Rollups
      • Migrating To A New Cluster
      • Monitoring
      • Operations
      • Rebuilding IRONdb Nodes
      • Resizing Clusters
    • API
      • API Specs
      • Data Deletion
      • Data Retrieval
      • Data Submission
      • Rebalance
      • State and Topology
    • Integrations
      • Graphite
      • Prometheus
      • OpenTSDB
    • Tools
      • Grafana Data Source
      • Graphite Plugin
      • IRONdb Relay
      • IRONdb Relay Release Notes
    • Metric Names and Tags
    • Release Notes
    • Archived Release Notes
  • Administration
    • E-Mail Configuration
    • Single Sign-On with SAML
    • Port Management
    • Audit Trail
      • Events Trail
      • Alerts Trail
Powered by GitBook
On this page
  • Overview
  • ABCs of API Monitoring
  • Conventional API Monitoring Falls Short
  • Gain 360-Degree Visibility with Apica Service-Level Assurance
  • API Monitoring Checklist
  • Infrastructure
  • Front-End
  • Middle-Tier and Database
  • Full User Journey Test
  • Presenting API Testing Data
  • Protect Your Business with Holistic API Visibility

Was this helpful?

Edit on GitHub
Export as PDF
  1. PLATFORM DOCS
  2. Synthetic Monitoring Overview
  3. How-To Articles

API Monitoring Guide

  • Overview

  • ABCs of API Monitoring

  • Conventional API Monitoring Falls Short

  • Gain 360-Degree Visibility with Apica Service-Level Assurance

  • API Monitoring Checklist

  • Infrastructure

    • Front-End

    • Middle-Tier and Database

  • Full User Journey Test

  • Presenting API Testing Data

  • Protect Your Business with Holistic API Visibility

Capture a 360-Degree View of API Health and Performance with Apica

Overview

In our tightly interconnected digital world, no company is an island—and no application is either. Critical business processes often function more like ecosystems than discrete pieces of software, drawing on a complex web of interdependencies across internal and third-party systems, making up the strands of that web: application programming interfaces or APIs.

APIs make modern digital services run, allowing companies to automate the process of querying data sets from disparate sources and transforming the results into practical information or action. Whether programmatically pulling data into your workflows, exposing your data to others, or both, APIs are thoroughly baked into modern applications. So much so that when problems with APIs crop up, they can have devastating consequences—disrupting user experiences, supply chains, even the basic functioning of the business itself.

For these reasons, APIs have become an essential component of digital monitoring. But there’s a problem: most approaches show you only part of the picture. They might check the network’s health an API uses or its performance accessing frequently used objects for common cases. They can’t show you how your APIs affect actual users and transactions—until now.

Apica offers a way to monitor APIs precisely as experienced by real-world applications and workflows. We combine synthetic monitoring—generating synthetic transactions to simulate real users—with load-testing and scripting to provide a 360-degree view of API performance. We can simulate even the most complex user journeys by capturing your API calls and performing a series of if/then operations based on what those queries return. And if there’s a problem, we can help you zero in on exactly what’s happening in minutes.

Keep reading to learn why holistic API visibility is crucial for modern businesses and what you should monitor to get the full picture.

ABCs of API Monitoring

APIs form the critical connections needed to send and retrieve data between servers, developers, integrators, and the applications your users depend on. If an API becomes unavailable or slow to respond, your business can quickly land in serious trouble. User experiences suffer, leading to abandoned transactions and lost customers. Business-to-business transactions can’t execute, causing missed deadlines and damaged relationships. Inventories drift, supply chains get disrupted, and worse. You can think of APIs' query/response structure as similar to a website—a valuable approximation for monitoring them. Some APIs use XML, some use other schemas like REST and GraphQL, but they share the same constraints as web environments.

So, your monitoring should answer the same kinds of questions:

  • How many queries per second can my APIs accommodate?

  • How many logins can they handle?

  • Can I verify that my APIs are communicating securely—that Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates are working?

  • Are my API domains resolving in Domain Name System (DNS) as they should?

  • Is my Global Server Load-Balancing (GSLB) distribution to back-end endpoints working as expected?

  • What percentage uptime am I achieving for a given day/week/month?

  • How are my APIs performing in my most important markets?

  • Am I meeting my service-level agreements (SLAs) with customers and partners?

As with web monitoring, the best way to get answers is to deploy agents at locations where customers rely on your APIs—ideally, agents capable of generating synthetic transactions. The wider you cast your net, the more scenarios you simulate, the more visibility you’ll have.

Conventional API Monitoring Falls Short

It sounds straightforward enough, so shouldn’t any API monitoring toolset do? Unfortunately, no. Typical approaches test specific API attributes or commonly used queries, but they don’t show how API traffic is being delivered to users. This means you usually have no idea about:

  • Long-pull objects that are not cached: Many APIs front-ends cache query responses. That’s a good thing—whenever your API has a common query that returns an oft-requested object, it will get a swift response. But what about less-common queries that need to return long-pull objects buried in back-end systems that rarely get hit—but are still extremely important for specific customers, use cases, and SLAs? If you’re not verifying that your API can access what it needs for those rare but important cases, can you say your system is highly available?

  • How your APIs handle dynamic data: Testing only the most commonly accessed objects can help you understand those specific queries. But it can’t show you API performance accessing dynamic data and acting on it—for example, pulling an inventory list to find a specific product at a specific location and complete a purchase. To measure that performance, you have to mirror the entire user journey—and most API monitoring tools can’t.

  • Interactions among APIs: APIs commonly interact with other APIs in certain parts of an application set. To understand the real user experience, you need to monitor all APIs and capture the aggregate data set. If you can’t access all those elements and get a unified view, you can’t verify the health of your system.

  • How APIs perform under load: If monitoring APIs gets complicated, stress-testing—hitting your API from multiple locations, with multiple query types, across multiple iterations—gets even trickier. APIs can suffer unique problems under load, such as quickly burning through infrastructure resources during socket buildup and teardown. If your monitoring doesn’t load-test with synthetic traffic to identify those kinds of issues, you won’t find them until users do.

When you can’t thoroughly test API behaviors like these, you can’t capture a meaningful baseline—and you’ll never have an accurate picture of real-world performance. Worse, you’re leaving your business with serious blind spots. That’s a big problem because API issues quickly cascade. A 20% lag in API response can translate to much longer delays in the interconnected systems depending on it.

Compounding the problem, most APIs are automated. Indeed, many optimization efforts depend on automated APIs to save time and resources (such as automatically moving data to less expensive cloud storage tiers when it meets specific criteria). If your API isn’t working as it should, those automations quickly fall apart. In the worst cases, automated APIs replicate problems thousands of times before they’re discovered. In cloud environments with consumption-based pricing, those issues can quickly get very expensive.

Gain 360-Degree Visibility with Apica Service-Level Assurance

At Apica, we know it’s not enough only to measure how APIs perform against internal systems or caches. You need to know how real-world workflows experience API queries. The only way to find out is to simulate the entire user journey. Enter the Apica Service-Level Assurance platform.

Where most approaches test only from the API interface, Apica tests from the perspective of everything interacting with your APIs; by capturing and scripting your business logic, we can simulate every user journey that matters to your business, with the full range of query/response scenarios your API needs to support. We show you how it’s performing from an internal perspective and the client-side from the outside coming in, including under load, to give you a holistic picture of real-world performance.

API Monitoring Checklist

To capture the complete picture of API performance, you’ll want to test each element individually, as well as end-to-end workflows in aggregate. By checking the health of long, complex query processes across the full transactional flow, you can see how real users and applications experience your APIs. And by pulling metrics from all the disparate components involved, you can quickly zero in on the source of problems when something goes wrong. To understand API performance thoroughly, make sure you cover the following core areas.

Infrastructure

Ops teams already capture granular details about the performance of infrastructure elements. Apica correlates those metrics with synthetic monitoring and load testing, so you can query both external sources and infrastructure elements themselves to measure API health from every angle. By synthetically replicating API calls and measuring how they affect infrastructure, you can capture an accurate baseline of how different user journeys translate to actual costs per transaction.

  • Verify infrastructure health: Check the health of every element in the data path, including servers, databases, firewalls, and load-balancers. Capture typical infrastructure metrics (CPU, memory, disk, network) to baseline performance and ensure you have the necessary capacity.

  • Verify the health of cloud and software-as-a-service (SaaS) elements: Track metrics like input/ output operations per second (IOPS), transactions per second (TPS), and SaaS licenses.

  • Perform network route path tests for transitory networks: Make sure you’re capturing metrics from the many transitory network elements that affect API performance that you don’t own. That can include transport provider infrastructure (routers, firewalls, load-balancers), caches, content delivery systems (CDNs), and edge distribution devices. Test things like link Internet Control Message Protocol (ICMP), traceroutes, and lookups of Border Gateway Protocol (BGP) statistics on the edge. If you don’t understand how all those pieces interrelate, you can’t get an accurate picture of your API infrastructure health.

Front-End

To effectively monitor the health of your API front-end, include the following checks:

  • Validate DNS health: DNS is the first step in any user journey. If it can’t resolve a hostname, the workflow and everything depending on it break down. Yet most API monitoring checks still don’t include DNS. Make sure to continually verify that DNS is returning the correct responses and hasn’t been hijacked. Monitoring should include DNS Security (DNSSec) and GSLB functions and the entire tree of DNS entries that may need to be publicly accessible.

  • Validate that SSL/TLS certificate and host information is correct/valid: To protect your business, make sure your API or the API you’re connecting to isn’t being spoofed.

  • Validate API front-end accessibility with login-checks: They sound simple, but login checks—especially involving multi-factor authentication (MFA) or credentials accessed via a shared secret directory—are extremely difficult for conventional monitoring tools. Additionally, make sure those credentials pass through if your front-end includes MFA checks that don’t go through the API. You can’t validate that with a simple front-end check; you need to examine the application set to verify that this handoff occurs.

  • Perform basic object queries for highly accessed objects: Thoroughly monitor the performance of the front-end itself, which typically handles cached objects. Check for response time metrics such as time to last byte, which can baseline API health.

Middle-Tier and Database

Most businesses still don’t do advanced testing of middle-tier and database components or synthetically test performance accessing different levels of archival information in storage. This means they don’t know whether any API-dependent data service meets its SLA. This becomes a bigger problem as businesses use APIs for storage optimization—such as automatically moving colder data to Glacier cloud storage to reduce costs. If users can’t restore data sets within SLA parameters, your optimization project can end up costing more than if you’d never bothered at all. When using API-driven automation for optimization efforts like these, you must continually validate their functionality to ensure they’re not breaking things.

  • Craft API logic to access multiple back-end systems: Check for interactions between different API elements such as multiple databases or multiple API data feeds.

  • Craft API logic to test data resiliency of tiered storage systems: Make sure you know how long it takes to access archived data versus cached data.

  • Craft queries to test third-party data sources: Make sure you’re simulating queries to every external dataset your system relies on.

Full User Journey Test

Understanding the end-to-end user journey is as essential as monitoring the component pieces of your API workflow—and often far more complex. Application teams need to participate in developing these tests, as they have a much clearer understanding of what the user journey entails. By ensuring cross-team collaboration in developing user journey tests, Ops teams will quickly connect the dots when something goes wrong.

  • Test the whole transaction: Simulate the end-to-end transaction with all APIs and other application elements, including dynamic information such as inventory data.

  • Undo the whole transaction: Testing systems must first do no harm. You should be able to undo an end-to-end synthetic transaction as easily as generating it not to disrupt the business.

  • Test your most important user journeys: Replicate the known user journeys of critical customers to verify that their use cases function correctly.

Presenting API Testing Data

These API checks provide a wealth of useful information. But within any business, different teams need to track different key performance indicators (KPIs). Apica offers customizable reports and dashboards to help stakeholders correlate API health to higher-level business metrics and dependencies. We provide customizable UI and Grafana plugins to pull data collected through the platform into your business intelligence systems.

Apica also includes extensive labeling and tagging capabilities to create custom abstraction layers. Just as public cloud UIs allow functional teams to monitor different KPIs for the business’ public cloud infrastructure, Apica offers similar abstraction layers—but for your entire infrastructure. Tag internal, external, and hybrid resources to map out how they interrelate. And use abstraction layers to dimension data sets differently for different teams and use cases.

Protect Your Business with Holistic API Visibility

As more critical business processes—and customers and SLAs—depend on APIs, it’s becoming more important to verify that they’re continually working as they should. By baselining and testing API performance with synthetic monitoring and load-testing, you can:

  • Increase visibility: With Apica, you can observe transactions across every OSI model layer, both individually and as end-to-end workflows. By correlating infrastructure monitoring with synthetic monitoring and load-testing, you gain an accurate 360-degree view.

  • Improve mean time to resolution: Some API issues—ICMP drops, packet drops—are relatively simple to troubleshoot. Others, however, like transitory problems with TCP windows, can be enormously difficult. By measuring the health of every component in the workflow, you can quickly triangulate the source of any issue. You can skip the finger-pointing stage of API issues and move immediately to fix them.

  • Avoid major outages: By thoroughly baselining and stress-testing all components of API flows, you gain insight to plan for potential problems before they affect users. If you know, for instance, that certain types of stories generate traffic that’s likely to stress your infrastructure, you can automatically provision the capacity you need ahead of time so the system doesn’t fail.

  • Optimize infrastructure resources: By continually stress-testing your infrastructure, you can identify where you’re over-or under-provisioned at all times and ensure your infrastructure provides the optimal level of service at the lowest cost.

  • Maximize automation: Businesses can use automation to implement all sorts of time- and cost-saving optimizations—provided the APIs those efforts depend on actually work. By maintaining a holistic picture of API health, you can validate that those optimization efforts deliver the value they’re supposed to, instead of creating more problems than they solve.

  • Transform IT Operations from cost center to business enabler: Often, even sophisticated digital companies, view monitoring as a business necessity but not something to get especially excited about. But when you can fully visualize APIs and the workflows they support and simulate any user journey, monitoring becomes enormously influential. Now, it’s easier to experiment with new ideas, automation, and API-driven business optimizations—and continually measure and fine-tune them. This translates to more innovative operations, reduced operating costs, and a more competitive business.

A web of APIs is at the core of many of today’s applications. Activley monitoring them for speed, load capacity, and reliability is critical to get a complete view of your users business journeys through your applications. Apica’s platform provides real-time performance monitoring of user flows, transactions and APIs so you can get to the root cause of issues long before your users do.

PreviousASM Monitoring Best PracticesNextIT Monitoring Guide

Was this helpful?