Blog Post

Demystifying API Monitoring and Testing with IPM

Published
September 10, 2024
#
 mins read
By 

in this blog post

APIs are the hidden heroes of our digital world. They are invisible to many customer experiences. As a result, it can be difficult to think of monitoring or testing them with a customer-focused lens. In this blog post, we hope to remove this difficulty and shine a light on the different ways Internet Performance Monitoring (IPM) can approach various API testing use cases with an eye on ensuring reliable, resilient experiences.

Imagine you’re developing an e-commerce platform where users can browse products, add items to their cart, and make purchases.

Your API may be part of the product that powers these transactions or may be delivered by a third party to power these transactions. Either way, these APIs are at the core that handles these interactions, and they should be proactively monitored with capabilities like those provided by IPM.

Types of API Monitoring or Testing Use Cases

Let us now take this simply described e-commerce situation and talk through different API monitoring or testing use cases. We’ll then offer some key ways to think about the value of IPM for each of the given use cases.  

Smoke Testing

Smoke Testing is a quick check to see if the API “catches fire” when it’s created or substantially changed. It checks for major, fundamental issues and is not meant to be exhaustive. Instead, it looks to ensure there are no major defects and, if not, considers it for further testing or evaluation.

In this use case, consider using IPM to automate these types of tests “as code”. This will enable them to be reviewed, reused, and repeated. Once treated “as code”, these tests can then be invoked on demand, instantly for future changes. The benefit here is they can be embedded at any stage of your CI/CD.

Functional Testing

Functional Testing ensures that when a user clicks “Buy Now,” the transaction is processed correctly, the payment is accepted, and the order is confirmed. It’s about verifying that the system performs its intended functions. You will want to check each individual function to ensure each part works correctly on its own. You will also want to check the output of the entire system works correctly.

In this use case, consider using advanced IPM features such as variables and API transaction monitors. For example, you may want to double-check an item that is about to go on sale. Using a variable can improve the efficiency of these functional tests, and those variables can be re-used across other monitors, other transactions, or other test use cases. You can also extract any header or response part to turn it into a custom indicator or variable. This may be helpful, for example, if a functional test invokes a set of microservices behind a gateway.

Integration Testing

Integration Testing is like making sure the payment gateway can communicate with your platform to process transactions. This is just a simple example, though. The reality is many, many APIs must instantly work together across a complex mesh of Internet Stack components. And integration testing helps ensure APIs work together as part of the larger architecture.

In this use case, IPM can ensure network connectivity or reachability power resilient integrations. If “it’s always the network”, then IPM can tell you whether this is true. This is important because if it is not the network, then it may be something else like authentication or performance, which brings us to our next use case.

Performance Testing

Performance Testing answers the question, “If the API is available and functioning, then is the response fast or slow?” For performance testing, it is crucial to understand most performance data are across a distribution and require advanced analytics to look at performance (across that distribution). In other words, running a handful of performance tests at the source will likely not give you an indicator for how the system performs across the many dimensions of a user experience. Dimensions like which cloud is responding, from which ISP they are accessing, or how the front end paginates API responses can all affect performance.  

In this use case, IPM provides advanced analytics across many dimensions allowing you to slice and dice the data as needed. For example, you can look at any percentile, chart a cumulative function, or draw a frequency histogram to identify any ‘long tail’ outliers.  

Load Testing

Load Testing simulates a scenario where many users are browsing and making purchases at the same time. You need to ensure your API can work under load without any issues. Running a load test during a major sale event, such as Black Friday, when thousands of users are making purchases simultaneously, is a good example. This type of testing is also a good exercise to go through pre-event. You need to ensure the system can handle the load without slowing down or crashing.

In this use case, IPM provides access to the world’s largest active testing and monitoring network. With this network, you can simulate many users trying to concurrently perform a function on your site. Another unique IPM capability will be to track your performance indicators against Service Level Objectives (SLOs) or Experience Level Objectives (XLOs) and configure alerts if they are not met. Consider this. According to the 2024 SRE Survey, 53% of respondents said, “Slow is the new down” and 44% of respondents said performance should be tracked against an objective.

Resilience Testing

Resilience Testing is the continual assurance of your API platform, architecture, or ecosystem (read ‘third parties’) to ensure their availability, performance, reachability, and reliability – despite adverse conditions. These adverse conditions may be the result of you making a code change or an update. But these conditions may also be the result of the user’s environment. So continual resilience testing is based on the idea that ‘the only constant is change’.

We want to ensure resilience for the user experience no matter how volatile their environment or journey points of interconnection may be. Resilience testing is rooted in the ideas of regression or reliability testing but incorporates the boundaries of the Internet Stack since this entire post is about ensuring great experiences. To ensure great resilience, you must monitor what matters, from where it matters, to get to the answers faster.  

Why IPM is essential for comprehensive API Monitoring

By performing all these types of monitoring and testing, you ensure that your APIs – and your third parties’ APIs – are robust, functional, and performant under various conditions, providing a seamless and safe shopping experience for users. IPM plays a key role in this.

With comprehensive monitoring, IPM provides deep and wide visibility into the entire Internet Stack, ensuring that all components involved in API interactions are functioning correctly. It is important to remember that Internet Stacks will [probably] be different in different parts of the world. These stacks may also include third parties’ requests where passive agents have no monitoring reach. Only IPM will be able to give comprehensive monitoring for your entire Internet Stack.

Last, the ability to seamlessly integrate other Internet Stack telemetry allows you to understand the impact of individual components – like APIs – on the resulting user experience. Products like Tracing and WebPageTest allow for in-depth analysis of API performance, pinpointing bottlenecks and optimizing speed and reliability. With Catchpoint’s IPM, seamlessly integrate with them and other telemetry like Internet Sonar or Internet Stack Map all in a cohesive, unified platform. Together, this will allow IT teams to detect and address potential issues before they impact operations or customer satisfaction.

APIs are the hidden heroes of our digital world. They are invisible to many customer experiences. As a result, it can be difficult to think of monitoring or testing them with a customer-focused lens. In this blog post, we hope to remove this difficulty and shine a light on the different ways Internet Performance Monitoring (IPM) can approach various API testing use cases with an eye on ensuring reliable, resilient experiences.

Imagine you’re developing an e-commerce platform where users can browse products, add items to their cart, and make purchases.

Your API may be part of the product that powers these transactions or may be delivered by a third party to power these transactions. Either way, these APIs are at the core that handles these interactions, and they should be proactively monitored with capabilities like those provided by IPM.

Types of API Monitoring or Testing Use Cases

Let us now take this simply described e-commerce situation and talk through different API monitoring or testing use cases. We’ll then offer some key ways to think about the value of IPM for each of the given use cases.  

Smoke Testing

Smoke Testing is a quick check to see if the API “catches fire” when it’s created or substantially changed. It checks for major, fundamental issues and is not meant to be exhaustive. Instead, it looks to ensure there are no major defects and, if not, considers it for further testing or evaluation.

In this use case, consider using IPM to automate these types of tests “as code”. This will enable them to be reviewed, reused, and repeated. Once treated “as code”, these tests can then be invoked on demand, instantly for future changes. The benefit here is they can be embedded at any stage of your CI/CD.

Functional Testing

Functional Testing ensures that when a user clicks “Buy Now,” the transaction is processed correctly, the payment is accepted, and the order is confirmed. It’s about verifying that the system performs its intended functions. You will want to check each individual function to ensure each part works correctly on its own. You will also want to check the output of the entire system works correctly.

In this use case, consider using advanced IPM features such as variables and API transaction monitors. For example, you may want to double-check an item that is about to go on sale. Using a variable can improve the efficiency of these functional tests, and those variables can be re-used across other monitors, other transactions, or other test use cases. You can also extract any header or response part to turn it into a custom indicator or variable. This may be helpful, for example, if a functional test invokes a set of microservices behind a gateway.

Integration Testing

Integration Testing is like making sure the payment gateway can communicate with your platform to process transactions. This is just a simple example, though. The reality is many, many APIs must instantly work together across a complex mesh of Internet Stack components. And integration testing helps ensure APIs work together as part of the larger architecture.

In this use case, IPM can ensure network connectivity or reachability power resilient integrations. If “it’s always the network”, then IPM can tell you whether this is true. This is important because if it is not the network, then it may be something else like authentication or performance, which brings us to our next use case.

Performance Testing

Performance Testing answers the question, “If the API is available and functioning, then is the response fast or slow?” For performance testing, it is crucial to understand most performance data are across a distribution and require advanced analytics to look at performance (across that distribution). In other words, running a handful of performance tests at the source will likely not give you an indicator for how the system performs across the many dimensions of a user experience. Dimensions like which cloud is responding, from which ISP they are accessing, or how the front end paginates API responses can all affect performance.  

In this use case, IPM provides advanced analytics across many dimensions allowing you to slice and dice the data as needed. For example, you can look at any percentile, chart a cumulative function, or draw a frequency histogram to identify any ‘long tail’ outliers.  

Load Testing

Load Testing simulates a scenario where many users are browsing and making purchases at the same time. You need to ensure your API can work under load without any issues. Running a load test during a major sale event, such as Black Friday, when thousands of users are making purchases simultaneously, is a good example. This type of testing is also a good exercise to go through pre-event. You need to ensure the system can handle the load without slowing down or crashing.

In this use case, IPM provides access to the world’s largest active testing and monitoring network. With this network, you can simulate many users trying to concurrently perform a function on your site. Another unique IPM capability will be to track your performance indicators against Service Level Objectives (SLOs) or Experience Level Objectives (XLOs) and configure alerts if they are not met. Consider this. According to the 2024 SRE Survey, 53% of respondents said, “Slow is the new down” and 44% of respondents said performance should be tracked against an objective.

Resilience Testing

Resilience Testing is the continual assurance of your API platform, architecture, or ecosystem (read ‘third parties’) to ensure their availability, performance, reachability, and reliability – despite adverse conditions. These adverse conditions may be the result of you making a code change or an update. But these conditions may also be the result of the user’s environment. So continual resilience testing is based on the idea that ‘the only constant is change’.

We want to ensure resilience for the user experience no matter how volatile their environment or journey points of interconnection may be. Resilience testing is rooted in the ideas of regression or reliability testing but incorporates the boundaries of the Internet Stack since this entire post is about ensuring great experiences. To ensure great resilience, you must monitor what matters, from where it matters, to get to the answers faster.  

Why IPM is essential for comprehensive API Monitoring

By performing all these types of monitoring and testing, you ensure that your APIs – and your third parties’ APIs – are robust, functional, and performant under various conditions, providing a seamless and safe shopping experience for users. IPM plays a key role in this.

With comprehensive monitoring, IPM provides deep and wide visibility into the entire Internet Stack, ensuring that all components involved in API interactions are functioning correctly. It is important to remember that Internet Stacks will [probably] be different in different parts of the world. These stacks may also include third parties’ requests where passive agents have no monitoring reach. Only IPM will be able to give comprehensive monitoring for your entire Internet Stack.

Last, the ability to seamlessly integrate other Internet Stack telemetry allows you to understand the impact of individual components – like APIs – on the resulting user experience. Products like Tracing and WebPageTest allow for in-depth analysis of API performance, pinpointing bottlenecks and optimizing speed and reliability. With Catchpoint’s IPM, seamlessly integrate with them and other telemetry like Internet Sonar or Internet Stack Map all in a cohesive, unified platform. Together, this will allow IT teams to detect and address potential issues before they impact operations or customer satisfaction.

This is some text inside of a div block.

You might also like

Blog post

Catchpoint Expands Observability Network to Barcelona: A Growing Internet Hub

Blog post

Demystifying API Monitoring and Testing with IPM

Blog post

The Need for Speed: Highlights from IBM and Catchpoint’s Global DNS Performance Study