Welcome!

@DevOpsSummit Authors: Zakia Bouachraoui, Liz McMillan, Yeshim Deniz, Pat Romanski, Elizabeth White

Related Topics: @DevOpsSummit, Java IoT, Microservices Expo, @CloudExpo, @ThingsExpo

@DevOpsSummit: Article

APIs: A Costly Blind Spot | @CloudExpo #API #IoT #DigitalTransformation

The increased adoption of APIs brings with it some exciting opportunities

APIs: A Costly Blind Spot for Your Application
by Priyanka Tiwari

APIs have taken the world by storm in recent years.

The use of APIs has gone beyond just traditional "software" companies, to companies and organizations across industries using APIs to share information and power their applications.

According to SmartBear's State of API 2016 Report:

  • More than half of API providers began developing APIs within the last five years.
  • 1 in 5 API providers began developing APIs in the last two years alone.

The increased adoption of APIs brings with it some exciting opportunities.

For some organizations, APIs are the biggest revenue drivers. For example, Salesforce generates nearly 50% of annual revenue through APIs. In other cases, APIs can increase a business's footprint and initiate collaboration. Netflix, for example, reported over 5 billion calls per day to its API in 2014.

Increasingly, more organizations are adapting 3rd party or public APIs to accelerate R&D and leverage external programming talent. For example Visa, a leading player in highly regulated payment processing industry, recently released a set of APIs that includes 150 endpoints across all Visa products and welcome partners to their API ecosystem.

Another example of a thriving API ecosystem is Fitbit. Who reportedly saved over $1 million in R&D when it opened its APIs in 2011. Since then, hundreds of apps use FitBit APIs to collaborate and innovate.

What does this all mean for you?

All of these examples highlight the incredible opportunity that APIs present. But they also show the importance of API performance. Whether a business is using APIs to generate revenue, increase collaboration, or reduce costs - they need APIs to function properly at all times.

The importance of API performance isn't limited to organizations that provide APIs. For example, if your application depends on a third party API to complete a critical function for your users, you also need to be concerned about how that API is performing.

When an API breaks or malfunctions, your application feels the effects and so do your users.

  • One-third of API consumers will consider switching API providers permanently upon encountering an API quality issue.
  • 31% of consumers will report the problem externally to peers, customers, or partners.

When your application lags or crashes as the result of a problem with a third party app, your users will look to you for a solution and will associate a poor experience with your application, even if the issue is beyond your control.

Unfortunately, when SmartBear asked API consumers about the average time it takes providers to resolve an API quality issue, less than 10% said that issues are resolved within 24 hours. Nearly 1-in-4 said that quality issues remain unresolved for one week or more.

Bottom Line: Simply checking that your API is available is not enough.

If you look closely, APIs are not so different than your other online assets like websites, web applications, and mobile applications. They need to be up and running at all times, need to perform within a threshold defined by the consumer, and need to be functionally correct for all end users.

Gone are the days when performance could be measured in seconds. API performance is measured in milliseconds and simply 1/20th second of a delay could lead to unacceptable user experience and unsatisfied end user.

Functional correctness for APIs is as critical if not more as API availability. If the API doesn't return the right data at right places, it's as good as broken for your app.

What can you do?

First, spend the time to map out your expectations around uptime and response time.

Synthetic monitoring can be used to understand performance of third-party APIs before in pre-production environments. Proactively monitoring your APIs will help understanding infrastructure requirements of your APIs. This step will also help identify API's contribution to the availability and performance of your application.

Next, address the challenges that could keep you from resolving an API issue.

According to the State of API 2016 Report, the three biggest barriers to solving API issues are:

  • Determining the root cause of the issue (45%)
  • Isolating the API as being the cause of the issue (29%)
  • Engaging the correct person(s) to fix the problem (25%)

Addressing these challenges before an issue occurs will limit the amount of time it takes to resolve problems with your API.

Finally, you'll want to invest in the necessary tools to protect your application from API performance problems.

Proactively monitoring the APIs you consume will help you ensure availability, performance and functional correctness of your APIs and the applications that use them. Proactively monitoring the applications for all diverse user cases will help you find and fix issues before they impact your end users. Correlating API performance with the application performance will help you improve overall application performance and isolate faulty components in case of performance degradation.

When setting up your first API monitor, there are a few important steps you'll need to consider:

  • Re-use functional tests from development: Given that your functional API tests are set up to assert and provide relevant error messages, the corresponding API monitors will have the ability to give you much more detailed error information for root cause analysis than regular availability monitors.
  • Create tests that mimic your use cases: If you are mainly integrating with 3rd party APIs, need to make sure that you know about their failures before your users notice. Here it is essential that the monitors you create actually mimic how you use that API. Monitor the entire flow of your use cases; don't just monitor the first API request; monitor them all, in sequence - just like your application uses them.
  • Use a dedicated account: Many (most) APIs require you to specify some kind of credentials or access key in your requests; make sure you are using a dedicated account(s) for your monitoring, both for your own APIs and 3rd party ones.

With the right plan, you'll be able to cover your application's blind spot and ensure that your APIs and apps are exceeding user expectations.

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

@DevOpsSummit Stories
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis.Attendees can join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.
DXWorldEXPO LLC announced today that Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence.
So the dumpster is on fire. Again. The site's down. Your boss's face is an ever-deepening purple. And you begin debating whether you should join the #incident channel or call an ambulance to deal with his impending stroke. Yes, we know this is a developer's fault. There's plenty of time for blame later. Postmortems have a macabre name because they were once intended to be Viking-like funerals for someone's job. But we're civilized now. Sort of. So we call them post-incident reviews. Fires are never going to stop. We're human. We miss bugs. Or we fat finger a command - deleting dozens of servers and bringing down S3 in US-EAST-1 for hours - effectively halting the internet. These things happen.
The digital transformation is real! To adapt, IT professionals need to transform their own skillset to become more multi-dimensional by gaining both depth and breadth of a wide variety of knowledge and competencies. Historically, while IT has been built on a foundation of specialty (or "I" shaped) silos, the DevOps principle of "shifting left" is opening up opportunities for developers, operational staff, security and others to grow their skills portfolio, advance their careers and become "T"-shaped.