Gone are the days of apps that rely solely on in-house tools. Today’s apps are increasingly dependent on external APIs and apps (which, in turn, are reliant on other APIs and apps). While this type of modularity allows for product flexibility and rapid development, it can be difficult to address any issues that arise. If even one component of this chain breaks, it can have a domino-effect on its dependents, whereas a similar failure in the closed systems of yesterday would have just led to an isolated incident. As such, if your product relies on external APIs, it is important for you to monitor for more than just availability. You will also need to keep tabs on performance, data validation and processes, feature changes, and security.
Remember: It doesn’t matter if you own it or not. If it impacts your user, you should care about it.
Monitor for Availability
At the most basic level, API monitoring checks to see if the resource is available (and therefore responding to calls) or not. However, with the increasing levels of inter-dependence of apps on other apps, you should strongly consider monitoring the availability of the resources your APIs rely on as well. Receiving notifications about any possible breaks in the chain of dependence allows you to act appropriately to ensure that your site or app stays online even if others do not.
Monitor for Performance
So, an API returns calls correctly. That’s all there is to it, right? Actually, wrong. Even if an API returns calls correctly, you will want to ensure that it is performant. How quick are the responses? Are the response times degrading (even if they are still pretty quick)? Does the API’s performance vary in different environments (such as in development vs. production)?
Any of these issues, whether it’s caused by the APIs you call or ones down the line, means that your product is slow as well. You may not be able to control the API’s performance.But, there are things you can control, such as whether or not your app relies on this API or if you need to implement temporary changes that address the way the data is coming back to you.
Monitor for Data Validation & Multi-Step Processes
What if your API is available and responding to requests, but what it sends back isn’t correct or isn’t formatted the way you’re anticipating? This is why you should test regularly to ensure that your systems are getting what they need to carry out tasks.
Additionally, you should check to see if any multi-step processes you carry out once you’ve received the response also work as expected. Can you cache data from calls to save on repeat calls to the API? Does your authentication work as expected?
Monitor for Feature Changes
When you have functionality that depends on the performance of an external service, you’ll want to ensure that your app remains compatible with the service. Regardless of whether the changes are a result of new releases or bug fixes, your base code may not work with the service from generation to generation.
Monitor for Security
Be wary of any packages that you’ve used or included in your product, as well as any integrations you’re using. Not only can this be a way to introduce bugs into your product, you can open yourself up to security vulnerabilities if the external source becomes compromised or doesn’t include the appropriate precautions. For example, if you’ve included a third party dependency to implement photo uploading functionality and the package doesn’t include type checking to ensure that users can only upload photos, someone might attempt to upload an executable that’s then run natively on your system.
Because of the high stakes associated with any type of downtime, you’ll want to monitor your dependencies to ensure that everything is working as expected. You might not have any control over the third party tools you use, but you can definitely assume failure, code appropriately, and plan for the worse-case scenario. Additionally, with comprehensive monitoring, you’ll know right away if you need to take action to keep your product up and running.