This is where we like to play—the not so clearly defined border of API observability and API monitoring. It’s why our tool was built. We wanted to help startup teams with the heavy-lifting.
API Monitoring and API Observability
While API monitoring enables you to check for uptime and take action if your API has time-outs or responds with 500 errors, it is also limited due to it being a blackbox form of monitoring with assertion checks created ahead of time.
The test or probe is already known ahead of time which means API monitoring is unable to answer arbitrary questions on how your API is behaving. Instead, API monitoring can only check on the traffic that it generates, not actual customer API traffic. As more APIs are exposed to the internet, there are new requirements to explore and find unknown unknowns for preventing API threats, troubleshooting customer issues, and understanding API usage. These requirements led to the emergence of API Observability.
What is API Observability?
API observability emerged because of some particular use cases that exposed limitations in traditional API monitoring.
API observability is a form of whitebox monitoring that requires an agent or SDK to passively log API traffic to an observability service. This data collection can be done within the application or add a different point such as with an API gateway like Kong or NGINX.
Tenets of API Observability
There a certain pillars that make API observability what it is, viz:
- API Logs
- API Metrics
- API Analytics
- API Traces
1. API Logs
An API observability platform such as APIToolkit has the ability to inspect API calls in real-time for debugging and auditing. API logs show you the exact calls that your APIs make in an instant in time.
An API is intrinsically structured unlike traditional logging, this means that API logs can also be used for generating aggregations and metrics while maintaining context. Albeit, API calls can have a large number of HTTP headers, body keys, and attributes. Therefore your API observability tool should be capable of filtering and aggregating them without relying on a full scan of your data store.
It’s important to note that GDPR and CCPA require new procedures for areas like API logs which are used across the company from security teams to business teams. A person can no longer dump API logs into a log management solution. Instead, API businesses need a way to export and delete (or anonymize) all the associated logs and events specific to a single customer.
This means API logs have to be tied to some permanent user identifier (and not just API keys that are rotated).
2. API Metrics
API metrics help companies understand the operational performance of APIs, and their contribution to the business. Business users will want to know the impact of APIs on business outcomes (how many new customers have signed up through an API channel), while enterprise architects will be more interested in metrics indicating the performance of the API platform—the number of API calls.
Some metrics tracking tools can only monitor single-value metrics like requests per minute. However, a key theme for observability is the ability to answer any question about your API and services without planning ahead for which metrics need to be monitored. This is where high-cardinality, high-dimension metrics, and data stores come in handy to explore and answer unknown unknowns with the ability to slice and dice instantly.
3. API Analytics
Unlike API metrics and logs which focus on answering engineering-specific questions, API analytics is focused on answering product and business-related questions. API analytics in a nutshell is the convergence of API metrics with data on who the customers are and how they are using your APIs. Many times API analytics tools can pull data from other systems like your CRM or marketing automation tools so you’re able to map out the customer journey.
API Analytics and Monitoring includes both engineering-focused metrics such as performance and uptime, but also tracking customer and product metrics such as engagement, retention, and developer conversion.
4. API Traces
APIs contain timing information on when the request was initiated, and how long it took the service to respond among other times—as APIs are transactional in nature.
API traces make it easy to understand how long different services take to respond and where timing errors can occur. Traces enable you to further explore which logs to look at for a particular session or related set of API calls.
API Monitoring refers to the practice of monitoring Application Programming Interfaces, most commonly in production, to gain visibility into performance, availability, and functional correctness. API Monitoring tools are designed to help you analyze the performance of your applications and improve poorly performing APIs.
They provide measurements of how long a routine takes to execute, how often it is called, where it is called from, and how much of total time is spent executing that transaction.
An API monitoring tool initiates API calls against your chosen endpoints and then records the response received. Additional checks can be added such as creating a Trello alert on a 500 error or timeout. The test can be started either on a trigger (such as when a new version is deployed by your CI/CD pipeline) or on a recurring schedule (such as every 1 minute). API monitoring tests can be simple such as simple health and uptime checks or can be very elaborate running through a long sequence of API calls and checking against specific status codes, body fields, and more.
If you’re looking to ship APIs with speed and confidence, then you need an API observability platform like ours. APIs provide the window to the rest of your companies infrastructure and enable entirely new digital experiences, but traditional monitoring can only answer already known questions like “Is my API down”, but cannot answer arbitrary questions required for data-driven engineering and business teams, nor report on actual customer API usage needed for security and product analytics.
As an API observability and monitoring platform, we have all your bases covered.