APIs revolutionized the digital landscape by introducing a new level of programming flexibility and ease of integration. Organizations turned to APIs to push innovation and creating an API economy. It was a key driver in the eCommerce industry, businesses like eBay leveraged APIs to generate additional revenue. eBay introduced APIs twenty years ago providing developers a platform to build applications that improved businesses. Today, eBay’s APIs generate over a billion dollars in business.
APIs have become indispensable over the last two decades and this only makes it even more important to monitor and track the impact of APIs on application performance and end-user experience. In this post, we will take a look at the critical role of APIs and discuss the changes you need to make in your API observability strategy to maintain performance.
Scaling the API Economy
APIs are a critical component in almost every business. APIs enable application extensibility, allowing disparate systems to connect and exchange data securely. The “API economy” essentially creates a platform allowing businesses and their customers to innovate and improve services. Several digital services and initiatives, such as open banking and enterprise integrations are key drivers of the current API economy.
Open banking APIs enable financial institutions to provide fintech and third-party providers access to data from opted-in customers. Open APIs can –
- Help standardize products and services across regions
- Help unify services between multiple interfaces and products
- Helps develop innovative products to diversify the FinTech market
Based on the 2020 State of API Integration report, 83 percent of IT leaders consider API integrations to be critical to their business strategy. Enterprises and organizations rely on hundred of different APIs, many of which are third-party. These APIs have a direct impact on business operations, business revenue, and digital experience so it is important to:
- Monitor internal and external API performance
- Measure error count and set alert triggers as SLO thresholds are approached
- Manage access to data across teams and departments with integrations and API calls
Scaling the API economy demands improved API monitoring and testing capabilities. Basic single URL or browser uptime monitoring cannot provide insights into critical API components. An enhanced API monitoring strategy should account for:
- Points of failure between third-party API integrations, network connectivity, etc.
- Verification that APIs are returning the correct data
- Gain visibility into microservices within your infrastructure
- Ensure API integration is functional and available worldwide
What is API Management Today?
API monitoring is an integral part of application monitoring. To monitor APIs effectively, you must first understand where API monitoring is relevant within the API management lifecycle.
Fig 1 (Source: Zdenek Z. Nemec & Luis Weir, Enterprise API Management)
The image (Fig 1) above illustrates a typical API management lifecycle. It is in the “Observe” stage of the lifecycle that monitoring comes into play. In Fig 2, we do a further break down to show how monitoring applies within the application delivery chain. The end user (consuming application) can be a web or mobile client, to ensure complete visibility we must monitor –
- The API gateway service that manages API Calls (API monitoring)
- All internal application services (service monitoring)
- Correlate front end API service with back end service (end-to-end monitoring)
At Catchpoint, we evaluate monitoring strategies against the four pillars of digital experience monitoring – availability, reachability, performance, and reliability. The same applies to API monitoring to gain visibility into different levels of the API service.
Fig 2 (Source: Zdenek Z. Nemec & Luis Weir, Enterprise API Management)
API Observability Trends
API observability has evolved from relying only on endpoint availability monitoring to a more comprehensive strategy that measures the impact on end-user experience. For improved and effective monitoring, here are some key trends to consider.
1. Measure all APIs appropriately
Applications use several different APIs that control critical functionalities. In complex service-oriented architectures, there can be thousands of APIs powering the application. These APIs serve a specific purpose and can be broadly categorized into System APIs, Experience APIs, and a combination of first and third-party APIs. ‘System’ APIs handle internal/external processes that power the application while the ‘Experience’ APIs are usually used to send data to the web and mobile applications.
These different APIs work in an interconnected system and the performance of a specific API service can impact other APIs. For example, if system APIs are down then the experience APIs will be unable to return valid data.
If an application is using external APIs then make sure to measure the availability, reachability, performance, and reliability of each first and third-party external API. There are a lot of factors to consider:
- Where are these APIs hosted? (Cloud, OnPrem or third-party)
- What type of services are used for delivery? (DNS or CDN)
- What type of networks and devices is the end user traffic coming over? (backbone, last mile, or wireless networks)
- How many third-party dependencies do these APIs have?
These factors must be accounted for even in the case of internal API services that are owned and managed by businesses or enterprises themselves.
2. API monitoring is more than uptime monitoring
Measuring API availability is critical, but a response code check does not provide the full picture. Switch from a status check to a more comprehensive API monitoring this means running multi-step transactions capable of inspecting and verifying the data returned. This will help identify any corrupt data and related performance issues.
For example, open banking APIs need enhanced security as it deals with sensitive financial data.
This requires interactive scripting to request tokens, storing and verifying them to complete the two-step authentication process. So, the monitoring tool must consider the security aspect while tracking each step in the process.
API failure can result from several reasons such as connection/timeout issues, DNS/SSL issues, or corrupt data issues. The chart below highlights all the different API failures which cannot be captured with just availability monitoring.
3. See how each API impacts the user experience
Measure the impact of API performance from the end-user perspective. The time it takes for an application to load and the time taken to become interactive determines how the end user perceives performance, so it is important to measure metrics such as First Paint, Visually Complete, Time to Interactive, etc. using Synthetic and Real User Monitoring (RUM). The data from these tools will help identify API calls that may be impacting performance.
In the chart above, the daily trend in RUM data shows a noticeable spike in visually complete and time to interactive measurements. The slow performance for users has a direct impact on the website traffic as seen in the second chart plotting page views.
Such incidents could result from frontend API calls that may be experiencing performance issues. Combining the passive RUM data with proactive Synthetic API monitoring, we can find the cause of the latency issues. In this scenario, it was due to high server response times (as seen in the charts below).
4. Correlation and investigation
To troubleshoot and resolve API issues we need to correlate the performance data with API responses that are usually full of useful data.
To understand performance degradation, it is important to track as much data as possible. For example, in the chart above we see a gradual dip in performance over time. Each API call can provide insight into the servers and datacenters while request and trace IDs can be used to track and correlate with other systems. In the chart below, we plot data from the API call, breaking down the data by datacenter and this helps us identify exactly where the failures are.
In a similar manner, we can also break down data by API version/build to identify issues in a particular version or build.
5. API reliability – SLAs and SLOs
You may have an application with an SLA of 99.99 percent uptime, but the reality is there are multiple dependencies on independent APIs. This means that the SLA is critically tied to the SLOs of those independent APIs and the performance degradation of any of these APIs can cascade down and impact the overall SLA. This makes it vital to measure API reliability over different timeframes and different locations. API Reliability is best measured using a third-party measurement system that is independent of the application. The data from an independent and neutral party will keep every service provider accountable.
The value of API management is undeniable, API integrations are a critical component of every major business strategy. From financial service providers to global telcos, to digital marketplace platforms, APIs drive digital business. API observability requires a multi-pronged approach that does not rely solely on availability tests.
- Measure all APIs appropriately from the multiple points to identify and fix issues faster.
- Monitor more than just uptime as there are a lot of processes under the hood that impacts overall performance.
- Capture Performance from the end user perspective, it is important to measure from the user’s perspective for a better end-user experience.
- Correlate frontend and backend APIs for troubleshooting, use an intuitive tool that not only measures performance but also allows data breakdown and analysis.
- Maintain API Reliability, it is recommended to use a third party to help uphold SLAs.
Find out more about our industry-leading API Observability solution.