Welcome!

@DevOpsSummit Authors: Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan

Related Topics: @DevOpsSummit, Microservices Expo, @CloudExpo

@DevOpsSummit: Blog Feed Post

Monitoring Your APIs | @DevOpsSummit #API #DevOps #Microservices

Gone are the days when SOAP, REST and microservices were buzzwords that did not apply to you

Why You Should Be Monitoring Your APIs
by Priyanka Tiwari

Gone are the days when SOAP, REST and microservices were buzzwords that did not apply to you.

Gone are also the days when monolithic applications were built by organizations end-to-end.

The availability of specialized components and services from different organizations and the access to these components through RESTful services has resulted in a major inflexion point with APIs becoming the mechanism for data interchange and systems to interact.

Most organizations are familiar with the benefits of developing APIs that can be shared publicly and used by other third-party applications. These benefits include:

  • New acquisition channel: API driven channel can provide 26% more CLTV than other channels.
  • Upselling: Create demand for high-priced features by making them available through an API.
  • Affiliate marketing: Turn 3rd party developers into affiliates of your app or become an affiliate yourself.
  • Distribution: Enable 3rd party apps to get your content or products, grow with them.

But public or external APIs are just one part of the API ecosystem. In fact, when SmartBear software surveyed more than 2,300 software professionals about how their organizations use APIs, 73% said they developed both internal and external APIs.

API Audiences - Blog

Organizations across a wide variety of industries are currently developing APIs including: financial (70%), government (59%), transportation (54%), and healthcare (53%).

Even if you don't develop APIs, there's a good chance you rely on them to power your applications or accelerate internal projects.

When we asked why organizations are using/consuming APIs, we found that improving functionality, productivity, and efficiency were all top concerns:

  • 50% use APIs for interoperation between internal systems, tools, and teams
  • 49% use APIs to extend functionality of a product or service
  • 42% use APIs to reduce development time
  • 38% use APIs to reduce development cost

Why Consume APIs - Blog

As you strive to deliver world class websites, web applications, mobile and SaaS applications, it's critical to make sure the APIs that empower them are running smoothly.

It is a common conversation in planning meetings to talk about which APIs we need to expose to the outside world in order to drive business and, in some cases, to build APIs into the product roadmap. With so much emphasis on the tiny API, it's important to recognize its inherent power and make sure you build the appropriate safeguards to protect it.

If you are charged with building and supporting APIs in your group or you are embracing a service oriented architecture for the design and delivery of an entire app or set of apps, it will be required that you monitor these APIs at all times to ensure that the consumers of the API and it's services have access to it at all times.

It is also likely that you are consuming services provided by other groups or external partners to provide the capabilities in your app or apps. These need to be monitored as well.

API failures are often the most critical failures

In our newest infographic, How APIs Make or Break success in the Digital World, we look at three high profile examples of API failures:

  • January 2015: Facebook and Instagram servers went down for about an hour taking down Facebook and Instagram, and impacting a number of well-known website including Tinder and HipChat.
  • September 2015: Amazon Web Services experienced a brief disruption that caused an increase in faults for the EC2 Auto Scaling APIs.
  • January 2016: Twitter API experienced a worldwide outage that lasted more than an hour, impacting thousands of website and apps.

APIs issues are not unique to big name companies like Facebook and Amazon. Your application may run on an API from a smaller organization - do you really know how much work has been done to test the capacity of that API? Whether you're integrating with a third party API or developing APIs of your own, any disruption could impact your productivity and negatively impact your end users.

Or, as Arnie Leap, CIO, 1-800-FLOWERS explains:

"The performance of our tech stack is technology job number one for us at 1800flowers.com, Inc. Our customers trust that we will deliver smiles on time with the highest quality and integrity. Our enterprise API and services layers are held to extremely high levels of performance to help us achieve our customer experience goals. They are in the "middle" of everything we do!"

If you've made your API available to other developers, either in a controlled fashion to trusted partners or in a public way to anyone with a developer/production key, you take on a responsibility to ensure that nothing affects the API's performance.

You will have to worry about three areas when it comes to monitoring your APIs:

  • Availability: Is the service accessible at all time?
  • Functional Correctness: Is it responding with the correct payload made up of the correct constituent elements?
  • Performance: Is it responsive and coming back with the correct response in an acceptable time frame?

When setting up monitors for your APIs, it's important to consider that performance may differ if your APIs interact with multiple audiences - whether it's an internal, external, or public API. For example, internal APIs will typically perform faster than a public solution, where there are a lot of users coming to consume that data. So, you'll want to establish different standards and SLAs for each of those groups.

Once you've created your monitors and established your acceptable thresholds, you can set up alerts to be notified if performance degrades or the API goes offline. Choose the interval that you'd like to test the performance of the API while in production. This allows you to find problems and fix them before they impact your customers. You can also choose a variety of locations to test from, both inside and outside of your network. This will allow you to test your APIs live, in production, from the geographies where your customers are.

Getting started with API monitoring
When we asked software professionals about the tools they were using to deliver high quality APIs, we found that while a majority of teams are doing functional testing (71%), less than half are monitoring APIs while in production (48%).

Luckily, with an API monitoring tool like AlertSite, you can re-use the functional tests you have setup with a tool like SoapUI to create monitors for your APIs.

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

@DevOpsSummit Stories
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis.Attendees can join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster time-to-market, 22% improvement in quality, and 18% reduction in dev and ops costs, according to research firm Vanson-Bourne. It is changing the way IT works, how businesses interact with customers, and how organizations are buying, building, and delivering software.
The benefits of automated cloud deployments for speed, reliability and security are undeniable. The cornerstone of this approach, immutable deployment, promotes the idea of continuously rolling safe, stable images instead of trying to keep up with managing a fixed pool of virtual or physical machines. In this talk, we'll explore the immutable infrastructure pattern and how to use continuous deployment and continuous integration (CI/CD) process to build and manage server images for any platform. Then we'll show how automate deploying these images quickly and reliability with open DevOps tools like Terraform and Digital Rebar. Not only is this approach fast, it's also more secure and robust for operators. If you are running infrastructure, this talk will change how you think about your job in profound ways.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.