Introducing: Supercharged API Monitoring

This week we have launched a major upgrade to our API Monitoring so you can now add Custom Headers. We have also extended the tool to monitor via PUT and DELETEYou can also add Custom Headers to your normal page monitors (HTTP GET).

Why monitor an API?

Web APIs are becoming the backbone of the internet providing mobile apps, modern web applications and integrating systems with a code-agnostic method of communication. This ever increasing reliance on APIs has meant that not only your own organisation is interested in its own uptime, availability and performance. Now third-parties, clients and partnering companies are relying on your API to be online and available at all times.

This is why this week we released our much needed API monitoring upgrades! Previously we provided two types of HTTP monitors; GET and POST, however, they were very limited and didn’t accommodate for the diverse requirements that APIs can have. Our latest upgrades include:

  • New HTTP verbs; PUT and DELETE
  • Custom Headers
  • Basic Auth

What are these used for?

The existing HTTP verbs (GET and POST) do cover a lot of use cases, but if you’re operating a RESTful API then it is encouraged to use multiple verbs for different things. For example a GET is used for reading, POST for creating, PUT for updating and DELETE for removing. By adding the latter two we have expanded our abilities to help you ensure your API responds correctly to the requesting verbs.

Custom Headers provide a huge amount of functionality for API users. For example, here at RapidSpike our own API accepts an encrypted authentication token in the ‘Authorization’ header. We can now monitor deeper into our API using a custom header to set this token. Another use of this is to send a token via the ‘X-Api-Key’. This is more commonly used to send a pre-authenticated token to an API for retrieving non-critical data.

As the name suggests, Basic Auth is a very basic authentication technique used in many APIs. It takes a username and password, encodes them and submits them to the target URL, however, unless you are using HTTPS this is a highly insecure method of authentication. Without HTTPS the credentials are only encoded, not encrypted so people will able to view them with ease.

We believe that by expanding our API monitoring abilities we will help you ensure your API is available, performant and functional at all times.

How do I get set up?

Add a new Page monitor (HTTP GET) or API Monitor (POST, PUT, DELETE) by clicking on the Add Monitors wizard. Both these monitor types are found under the heading Availability. They can also be configured when adding a Website group of monitors.

When adding an API Monitor, you can now change the Request Method to either POST, PUT or DELETE:

The other new settings are found under “Advanced Options” – click this button to see options for Response Timeout, Basic Auth and Custom Headers. Adding your Custom Headers couldn’t be easier: just enter a key – value pair, and click Add Another Header when you want to configure more than one.

You can also update any existing API/Page Monitors to add Custom Headers. Just go to the relevant Website in your app, find the monitor in either the Page Monitors or API Monitors section, click the Edit button and update the settings however you like.

Once configured, your API Monitors will work in the usual way – notifying you according to your Alerts settings. Once a failure has been detected you can receive a notification via email, Slack, SMS, Pager Duty or Webhooks.

We hope you find these updates useful in monitoring your vital APIs!