What Key API Metrics Should You Monitor?
Availability or Uptime
API availability or uptime is a percentage measurement that is often represented as 99.9% or 99.99%. Sometimes, the same is calculated as downtime-per-year as an overall average.
CPU and Memory Usage
High CPU usage and memory usage of the API host server is a sign of an overloaded virtual machine, container, or API gateway node. This would slow your API performance.
You can measure CPU usage across a cluster that hosts your application’s API code, as well as the number of processes waiting to run which is also known as CPU load or run-queue-size. Memory can be simply measured as a percentage of available memory that is in use.
API Consumption measures as requests-per-minute, requests-per-second, or queries-per-second. You can batch multiple API calls into a single API call with a flexible pagination scheme to lower the API consumption.
Note that synthetic monitoring isn’t meant to measure the consumption rate, since it emulates individual transactions instead of monitoring the aggregated volume of transactions. The telemetry instrumentation to measure and report the consumption rate is typically engineered into the API’s design at the onset or monitored with an Application Performance Monitoring (APM) tool.
Response time is a tricky metric to measure with third-party APIs because the recording latency may be an aggregation of both problematic slow endpoints and the network itself. The best approach to monitoring the latency is to use an API monitoring tool that can separately report the network latency and the API response time.
The size of the payload (the JSON file posted to or retrieved from the API) has a large impact on the latency. This is why synthetic API monitoring should be performed with both small and large payloads.
Error rates (like errors-per-minute and error codes) give you granular details in tracking down problems in individual APIs. For example, error codes in the 400 to 500 range imply problematic APIs or web service providers.
However, there can also be faulty APIs responding with an 200 OK status that was not designed using the correct HTTP status code. Synthetic monitoring tools can compare the result of a test with an expected value to confirm the accuracy of the API response, beyond the status code.
Unique API Consumers
Unique API consumers metric provides insights on the overall growth and health of new customer acquisitions based on monthly active users count. A sudden drop of consumers during peak operating hours is interpreted as a symptom of an underlying application platform problem.
Tips for Debugging an API
Check / Compare Responses
The easiest and the first method for tracking down problems with APIs is to check the HTTP status code. A 400 bad request means an API request with invalid syntax that you probably have to review for typos.
401 requests have invalid or missing authentication credentials that can often be resolved with a proper authentication such as an OAuth token. Other common mistakes include forgetting the space in a prefix, or adding the required colon after a username even if there is no password.
In a scenario where the intent is to check the API’s availability only, it would be acceptable to "assert" (or accept) a 401 code since. This is because even though "401 unauthorized" was received, it means that the API was available.
Check / Compare Headers
Checking the API response code and applying the corresponding debugging method can sometimes fail to resolve API errors. In those cases, check and compare HTTP headers for additional information. Some APIs accept requests that don’t contain Accept for Content-Type information. However, many require this to be specified.
JSON schemas are used to document API endpoints. JSON parsing tools can be used to debug API endpoints. These tools let you create tests for API endpoints and validate syntax.
How to Choose the Right API Monitoring Tool?
Prioritize Tools Integrable Into Your CI/CD Pipeline
As discussed above, API monitoring is integrable into the test automation process on your CI/CD pipeline. Therefore, the tool you select to use to monitor and control APIs should be able to integrate with your CI server (e.g., Jenkins or Github integration).
Never Trade-in API Privacy
Some tools use third-party SaaS platforms that require you to open certain ports on your firewall to monitor internal APIs that are not publicly reachable. These, in turn, expose a security risk. That’s why it is so important to choose the right API monitoring solution, taking into consideration the API type you want to monitor and control. Tools able to exercise your private APIs from inside your firewall are best suitable for this use case.
Tools Combining Both API Testing and Monitoring Win Ahead
API testing followed by API monitoring creates a comprehensive end-to-end API performance evaluation process for applications. That’s why it is to your advantage to use a tool that can provide both testing and monitoring functionality. With such a solution, your team has a 360-degree view of API quality and performance on a single screen.
Final Thoughts About API Monitoring and Testing
API monitoring and testing are not daunting tasks when you pair the right techniques with the right tools. Accurate API monitoring and testing data will enable you to improve application performance, avoid production outages, and improve customer satisfaction.