One of the great benefits of the modern development landscape is the increase in system functionality. Never before has there been such a deluge of effective and efficient applications harnessing incredible processing power, each performing thousands of unique and resource-consuming tasks.
With this amazing increase in complexity and capability, developers more and more rely on external APIs to keep up with the evolution of the app space. Mostly gone are the days of “single use” web applications that rely exclusively on internal resources for all functionalities. As the internet has become more and more dependent and interconnected, so have the systems that drive it — many APIs in fact depend on a variety of other APIs and apps just to perform their base duties.
As more and more APIs utilize dependencies to extend their functionality and usability, the responsibility to maintain and monitor dependency relationships and how those dependencies interact with each build has grown ever more important. A single break in dependency integration could cause an application to fall like a house of cards, exposing customer data and breaking security.
Thankfully, there are a great many tools available to the modern API developer to ensure that this does not occur. Monitoring the status and interactions of APIs and their API dependencies is no laughing matter, and these four tools carry this important weight with finesse and efficiency.
Why Use External APIs At All?
Before we discuss the implementation of these four tools, it’s important to qualify this discussion by saying that the utilization of external APIs is one of the most powerful assets the modern developer has at their disposal. While there are a bevy of headaches intrinsic to this approach, its benefits far outweigh its drawbacks.
Utilizing an external API as a dependency saves resources. There’s no need to reinvent the wheel, especially when it has been revised to near perfection. That is the case with many functionalities that other APIs are created to perform.
As an example, if a developer created a Java-based typing API that allowed for cloud-based writing and collaborating, one of the features that would be expected by the average user would be style and grammar checking.
While a developer could build their own system in house to check style and grammar, the fact is that there’s already an amazing open source library for this exact functionality — LanguageStyle is designed to enable such correction in an open source environment.
The case for integrating this external API is strong. The difference between spending thousands of code lines creating your own system is appalling when you consider the simplicity of offboarding a call.
Additionally, utilizing external APIs allows a developer to incorporate open source and public code repositories into their own while maintaining a certain amount of proprietary control. By separating core functions and utilizing external APIs to extend these functions, a developer can be truly extensive without incurring the high overhead typical in first party development.
There are two huge caveats here. The first is that these APIs need to be tracked. With so much functionality dependent on external variables, tracking the changes to these services and ensuring that compatibility is met can be a chore. As complexity mounts and more functionality is tied into more dependency, this becomes a significant issue.
An equally important consideration is that many of these external APIs can conflict with base code from generation to generation, and often introduce new bugs due to these conflicts that must be identified and eradicated before entering the user space in a public build.
With these realities in mind, we’ve made a list of tools that aid in dependency management.
One great tool to track these multiple issues is APImetrics. APImetrics occupies an interesting space in that it presents its solution more as a complex dashboard for API metrics and analysis rather than a tracking-specific model.
By structuring calls stringently and in such a way as to test the actual response time, effectiveness, and dependency responsiveness of an API, APImetrics is one of the most powerful tools in highlighting external API dependency and performance issues. This solution attacks the issue on a holistic, rather than specific level.
APImetrics allows for the testing of multiple calls inline, which is great for testing stack configuration. Additionally, dependency and API versioning is handled natively, allowing for seamless and easy tracking of API health.
This is of course a huge benefit — after all, proper API metric generation and analysis is perhaps one of the most important elements of an API developer’s toolkit. Being able to monitor not only the status of external APIs your API is dependent on, but the overall status of the internal API itself.
This comes with a cost, however, as many of the more powerful features behind APImetrics are subscriber only.
Of note is the fact that this type of solution is best used in cases where the development team wishes to utilize external APIs prolifically. The solution is so effective, it’s almost overkill for smaller APIs and startups — think of it as the “high octane” solution.
Visual Studio Application Insights – Azure
Another solution arises from the Visual Studio Application Insights offering from Microsoft via their Azure servers.
The solution currently integrates ASP.net databases, WCF services, HTTP calls, Azure DocumentDb, and Java databases (including SQLite and PostgreSQL) into its status checks, and tracks interactions between the API and external APIs in real time.
The best part about using the Application Insights solution is that it utilizes metrics on calls rather than an in-built metric system, meaning that interaction and API status can be observed at a higher level. Testing specific calls rather than simply checking versioning allows for interaction testing, ensuring that the version is correct for your particular API.
As part of this testing, failed calls are notated and exceptions are shown in detail, allowing for more specific and powerful troubleshooting.
APIscience bridges the gaps between “auditing” and “foundational” approaches. Core to its functionality is the idea of first testing the integration of internal and external APIs, and then testing their results. APIscience tests REST, JSON, OAuth, and others, and then continues to test variations therein.
One of the things that APIscience does great is comparing previous versions of APIs and related dependencies with current releases. This comparison allows for highlighting bottlenecks in both internal releases and the external API releases an API depends on, highlighting poor performing integrations and preventing bloat related symptoms.
APIscience utilizes a system of monitors to track variations in API functionality and performance, tracking over time and collating this data into dynamic reports. This makes it a great middle of the road approach, allowing developers to audit existent code and maintain functionality between disparate API and dependency versions.
Smartbear’s AlertSite is an incredibly powerful monitoring tool because of the breadth of options it provides API developers. First and foremost, Smartbear is an API status and health manager — it utilizes a network of nodes to track speed and call response across the globe, and does so while correlating these responses to performance rating.
Of note is the fact that Smartbear also integrates with properly formed functional scripts — reducing the overhead time required and preventing necessitation of APIs like SoapUI and Ready! API. What this means is that most internal testing tools will integrate and behave with Smartbear, which hugely reduces the adoption headache many developers foresee with these sorts of solutions.
Smartbear provides a variety of monitoring types as well, which is very important considering how partner, public, and third party APIs all function differently and with different bottlenecks. By tracking each API given its best, most informative method, Smartbear provides perhaps a more clearer picture than other solutions presented here.
While there is a free option that provides 5 basic monitors, one advanced monitor, email alerts, and a 30 day data retention policy, the Pro and Enterprise solutions are far more flexible — and costly. Such feature rich options aren’t free, though, and this can be a barrier to entry for some API developers and providers.
Choosing a Solution
Fundamentally, the choice of solution is really a choice between UI and approach. While forensic auditing is powerful, it can often lead to a situation where an API is running on patched software, running old versions of obsolete but still functional external APIs.
On the other hand, fixating on the foundational elements of an API without looking at the greater picture can be just as harmful. The perfect approach needs to be a combination of the two, and which approach is implemented depends largely on how the solution is integrated into the API.