Keeping the Business Healthy with API Monitoring and Analytics
By Prithpal Bhogill and Michael Endler
Millions of us use wearable devices for health and fitness tracking — but few of us are ready to let these gadgets replace visits to the doctor and other health and wellness professionals.
Indeed, if anything, data from these devices can help doctors to be effective, with different professionals leveraging the data in different ways. A cardiologist or general practitioner may home in on average heart rate data, in conjunction with labs tests, to help diagnose an urgent condition; but a personal trainer may help you gradually improve performance by focusing on your steps-per-minute averages when you jog a mile.
When it comes to our health, in other words, we easily understand certain kinds of distinctions. We instinctively “get” that our health data may be important in many use cases, that different people will be able to make use of that data in different ways — and that it’s better to have constant monitoring and analysis across this range of use cases than it is to focus on data from just one or two dimensions.
Unfortunately, when enterprises buy or build software to keep the systems and apps that run their businesses healthy, some of these distinctions aren’t as intuitive or easy to apprehend. Application programming interface (API) management capabilities, and particularly API monitoring and analytics, are a case in point.
APIs drive the digital experiences on which the connected economy relies — which means API health should be monitored and maintained via a range of tools and processes, not just the IT equivalent of the occasional doctor’s visit or an imprecise step counter. As this article will explore, businesses can stay on the right path by focusing on two key distinctions:
- connected application use cases that require working with live data versus use cases that require retrospectively deriving insights;
- whether a solution enables a business to detect problems versus whether a solution enables a business to act when problems are detected.
The Necessity of API Monitoring
APIs are how software talks to other software, so in numerous ways, they are analogous to the body’s circulatory and nervous systems, ensuring that apps and systems are connected, and that data is flowing when and where it should. APIs are also the interfaces that enable developers to leverage data or applications for new use cases and digital experiences. Just as it is important to protect the body’s nervous and circulatory systems and to control what we put in our bodies, it is important to protect APIs, monitor their behavior, and control who has access to them.
Most enterprises have thousands of APIs, and for years, some enterprises didn’t manage or monitor any of them — sort of akin to never going to the doctor. Many other enterprises paid attention to only a subset of APIs deemed particularly important, such as those used to make important capabilities available to partners. This attention to a subset was better than nothing — but not that much better. Luckily, as APIs have become more widely recognized as business drivers, more organizations have come to recognize the value of managing all APIs — which is one reason the API management sector has continued to expand.
But even if enterprise leaders increasingly understand that APIs are important and should be managed, assembling processes and solutions that truly promote API health is still no simple task. Just as it would be unwise to rely on a fitness tracker without consulting a doctor, businesses sometimes invest in partial solutions that seem fine at the time but prove inadequate when a problem inevitably occurs. This may be a challenge with monitoring and analytics in particular because the range of use cases the capabilities must support may not be evident until the enterprise is in the thick of an unforeseen challenge.
Right Now vs. Trending
At their broadest, monitoring capabilities are the equivalent of a heart rate monitor that lets a user distinguish when their heart is fine from when they need to call an ambulance. It focuses on the present tense, looking after streams of continually updated data and enabling IT operations teams to make near real-time decisions to maintain system health.
Analytics generally are backward-facing. The goal is less to understand the present tense than to understand what is trending and to use that understanding to improve decision-making. In terms of our health and wellness metaphor, it’s more like a team of physicians, personal trainers, and dietitians making personalized, data-driven lifestyle and fitness recommendations.
These two distinct treatments of data mean that to be effective, API monitoring and analytics solutions need to support alerting, diagnostics, predictive analysis, and actionability. It’s not useful, for example, if the operations team gets an alert that traffic is spiking but can’t quickly identify which API is overloaded and quickly apply a solution. Likewise, it’s not useful to be blindsided by every problem because troubling developments, such as one API experiencing creeping latency, are never detected until they start affecting customers. It’s certainly not useful to make hundreds or thousands of APIs available to internal and external developers without keeping track of which ones are being adopted — and which ones might consequently represent new business opportunities.
Nevertheless, even though monitoring and analytics are in some ways distinct concepts, it’s important to view them as a spectrum. Some use cases are clearly defined and separate. An executive who uses analytics dashboards to understand the business impact of APIs will probably have little use for the monitoring tools on which IT operators rely. But some use cases blend together.
If an API exceeds its latency threshold, for example, the monitoring solution should notify operators of the slowdown — hopefully, if the threshold has been established intelligently based on past data, before customers are affected. The problem might be caused by multiple things. A spike in traffic might saturate an API but it could also be that an API has been experiencing systemic problems for months and the trend has only been noticed because a combination of monitoring and analytics established a useful threshold. In a scenario such as this, the process of keeping the APIs, and the business value they support, healthy relies on a union of monitoring and analytics capabilities.
Other common users and use cases along the monitoring-analytics spectrum include API product managers trying to understand how APIs are adopted, consumed, and can be improved; developers who leverage APIs and want to understand how their apps are performing; business stakeholders looking to understand how APIs are impacting business and how future investments should be made; and security professionals attempting to knock out bots and other threats.
The Only Useful Data is Actionable Data
Actionability should be a core strength of any API analytics and monitoring approach. As mentioned, if a monitoring tool can alert operators about a problem but leaves them clueless about how to fix it, it’s not really helping.
But even more than actionability in the abstract, the ease with which action can be achieved is important. Returning to our health and wellness metaphor, most of us know that one frustration of the medical world is that services are often fragmented. Disconcerting data from a wearable device might trigger a visit to the general practitioner, who does some tests that reveal more disconcerting but inconclusive results, which then lead to a visit to a specialist, who does more tests and finally prescribes a solution, which then leads to a trip to pharmacist. This circuitous path between alert and solution is frustrating in the medical world — and a similarly circuitous path along the API monitoring and analytics spectrum can leave an enterprise vulnerable.
For example, some enterprises use synthetic monitoring tools that are bolted onto their API management tools and generally check system health by calling APIs at set intervals. This provides rudimentary insight into API availability but because it is a black box distinct from the core management tools, the approach generally offers limited ability to dive into data to explore problems and limited ability to immediate act on whatever triggered the alert. If monitoring and analytics capabilities are built into the management platform, in contrast, actionability can be enhanced; alerts and the tools to mediate them can be available in the same interface and automation of critical response patterns, such as throttling traffic to an overwhelmed API, can be more easily achieved.
Healthy APIs Support Healthy Businesses
Though enterprise leaders have largely embraced APIs as business drivers, they’re still learning what it means to fully support APIs in this role. It’s not enough to manage and monitor some APIs; every API represents an expression of the organization and is thus an opportunity for part of the business to fail or be broken into. Likewise, it’s not enough to simply know whether APIs are available — businesses need to be enabled to act on problems when they arise, discern and avoid most potential problems before they manifest, and constantly tune their approaches with data.
Just as our bodies are healthiest when we dedicate many resources to monitoring and analyzing them, businesses can support their health by prioritizing the full range of API monitoring and analytics needs and use cases — what’s happening now, what’s trending, and how this information can form the shortest path between a problem and a solution or between a business opportunity and results.
[Looking to learn more about API monitoring and analytics? Get your copy of our recent eBook, Inside the API Product Mindset: Optimizing API Programs with Monitoring and Analytics.]