How to Set SLAs for Cloud APIs Posted in Strategy J Simpson September 27, 2022 Cloud APIs have been all the rage for the past several years. Serverless architecture has been on the rise, for one thing, which has become increasingly common in the world of remote work and collaboration. Some are predicting that cloud API adoption is going to expand by 600% by 2031. Organizations must come to grips with managing cloud APIs sooner rather than later. This is particularly true regarding security, permissions, and integration with third-party APIs. Consumers must depend on the stability of cloud APIs — as such, reliability is key to an API’s success. If an API breaks or underperforms, users will find a replacement in this competitive landscape. Virtually every major API boasts almost complete uptime. “The five 9s” have become the industry standard, which is shorthand for “99.999% uptime.” However, things get a bit more complicated when dealing with cloud APIs, where there are more factors outside our control. A service-level agreement, or SLA, clearly lays out these specific performance targets so customers know what to expect from their cloud APIs. Below, we’ll take a deeper look at SLAs for cloud APIs, showing how API providers can construct their service-level agreements and ways to monitor your cloud APIs to show users you’re honoring your SLA. We’ll also highlight some real-world examples of SLAs that cloud APIs can model their own SLAs after. What Is a Cloud API SLA? Before we get into the nitty-gritty of how to set up an SLA for a cloud API, let’s consider what an SLA actually is. Techopedia defines an SLA as “the service contract component between a service provider and customer, providing specific and measurable aspects related to service offerings.” SLAs frequently provide many specific details, which range from informal to legally binding objectives: Details and scope for key services, including guarantees, priorities, and responsibilities What users can expect from specific measurable services Detailed tracking and reporting guidelines Problem management procedures Outline of fees and expenses Customer duties and responsibilities Disaster recovery procedures Agreement termination clauses Now, let’s add a layer and look at cloud SLAs. A cloud SLA is an agreement between a cloud service provider and the client or customer. A cloud SLA often dictates a minimum level of service that can be expected as well as levels of reliability, availability, and responsiveness to systems and applications. Cloud SLAs frequently specify: Volume and quality of work (including precision and accuracy) Speed Responsiveness Efficiency These factors begin to outline some of the issues you’ll run into with an API-focused cloud SLA. Cloud APIs often operate across geographic borders, for one thing. They often have different components on different networks and systems, as well. Each of these components could be located in a separate geographic area, which will have its own rules and laws around governance, privacy, etc. This must be dealt with when you’re handling SLAs for cloud APIs. Considerations For Your Cloud API SLA SLAs for cloud APIs need to be agreed on by producers and consumers alike. You’ll need to decide which features you hope to focus on in your SLA so you can make sure to meet your agreement. To ensure your SLA is being met, you’ll need to have some sort of monitoring solution in place to prove things are working as they should. Here are some other things to remember when coming up with your SLA. Location You may need to come up with separate SLAs for different regions. Sending data from North America to Asia can take up to twice as long as a call made in the same country. Even then, response time can vary drastically from coast to coast. This all gets even more complicated when you’re dealing with cloud APIs. Every response might come from a different server, even if the call is coming from the same IP. As such, an API monitoring solution must account for these irregularities. Decide What You’re Measuring Measuring cloud APIs can get complicated, especially when dealing with many APIs. Every API needs to be maintained, for one thing. And providers should strive for the five 9s to meet their customer’s expectations. You’ll need to decide if you’re monitoring real-time interactions or monthly averages. Both you and your customers need to agree on what’s being measured, as well, to avoid any potential miscommunication or confusion. Some common metrics that are measured as part of API SLAs: Number of API calls Traffic volume Response time Number of errors Decide On A Monitoring Solution As we said before, monitoring is especially tricky with cloud APIs as there are so many variables, from location to network speed, to name just a few. One solution that eliminates much confusion is to put an API gateway in place. This acts as a stable ground where you can take your measurements and get reliable monitoring. Even better, API gateways are common features of many API management solutions, so you don’t have to write the code yourself. Some of these API management solutions even have built-in tools for creating SLAs, letting you set what variables you’re monitoring, too. API management tools usually have built-in documentation tools as well. This could help prove to your clients and customers that you’re holding up your end of the SLA. If you decide to adopt your own solution, you’ll need to figure out your own documentation system. You’ll also need to ensure that it’s secure so you don’t accidentally expose sensitive data. Example Cloud API SLA: Cloud Natural Language API Let’s round things out with a real-world example of a cloud API SLA to make things more concrete and less abstract. Let’s consider the SLA for Google’s Cloud Natural Language API. If you follow that link, you’ll see that it’s a fairly standard contract that defines terms and lays out expectations. According to their SLA, Google is responsible for: Covered service Monthly uptime percentage Cloud Natural Language API = 99.9% AutoML Natural Language Online Prediction = 99.9% The contract also specifies what happens should they not meet their SLA. In this case, the customer is eligible for a credit. Glancing at their definitions gives you a good idea of why such a thing is important. According to the Google Natural Language API, “downtime” is more than a 5% error rate. They also specify the different levels of compensation a customer may be due: Monthly uptime percentage Percentage of monthly bill for the respective Covered Service which does not meet SLO that will be credited to future monthly bills of Customer 99% – < 99.9% 10% 95% – < 99.0% 25% < 95% 50% As you can see, a cloud API SLA is as essential as any documentation. When it comes to business and tech, it’s best to remove all uncertainty and guesswork. This way, both you and your customers will know what to expect, which is one of the most important aspects of any relationship.