Blog / API Monitoring

A guide to API health check

At its core, the API health check is an API monitoring method that checks your API and alerts you when it notices something's amiss. Consider it a diagnostic tool for your codebase that can help you find problems before they become more significant headaches than they need to be.

Written byArman
Published OnThu Aug 19 2021
Last UpdatedThu Jan 25 2024

APIs are everywhere, powering the functionality of a wide range of applications. As a result, they’re hot, and with good reason. Having a well-developed API can make it easy for third-party developers to integrate into your product, which can help drive growth and even create a whole new revenue stream. But to reap all that goodness, you need to monitor your API health and performance.

What is an API health check

At its core, the API health check is an API monitoring method that checks your API and alerts you when it notices something’s amiss. Consider it a diagnostic tool for your codebase that can help you find problems before they become more significant headaches than they need to be.

API health check endpoint returns the operational status of the API

API health check list

There is a broad range of items that an API health check endpoint can check; which one should be included and which one should be missed? As a rule of thumb, the API health check endpoint must check anything that may interrupt the API from serving incoming requests. This is different for each API, but we have listed some of the most items to include in your API health check endpoint:

Downstream Operation StatusYour API may depend on other APIs to operate. Make sure to check the operational status of the downstream APIs you depend on
Database connectionYour API may have an open connection to a data source. Make sure the connection is available at the time of the health check
Database response timeMeasure the average response time to a typical DB query
Memory consumptionSpike in memory usage can be because of memory leaks and can interrupt the service
In-flight messagesDoes your API works with message queues? Too many in-flight messages can be a sign of an underlying issue

API health check vs. API ping

API ping endpoint responds to requests with a basic 200 OK message. The purpose of the API ping endpoint is to verify that HTTP requests reach the API. In addition, Dev-ops engineers ping APIs (using ping endpoint) to ensure that the API gateway, SSL, routing, and other network-level components work together to deliver a request to the API process.

API ping endpoint barely checks that the API is running and is accessible

As discussed earlier, the API health check endpoint verifies multiple items and responds with the status of the API and its dependencies.

Throughout my career, I have come across many API ping endpoints that return 200 OK while something is wrong with the API. API health check endpoint is superior to the API ping endpoint, covers all use cases of API ping, and offers many more benefits.

We highly recommend our customers develop API health check endpoints and use them for API monitoring.

API health check best practices

It’s essential to monitor your API health every minute and set up alerts if API is not working correctly. Here are some best practices to help you monitor your API health.

Automate API health checks

You should automate your entire API health checks via a fault-tolerant API monitoring system. In addition to that, you should avoid rolling out your bespoke API monitoring solution for API health checks. Using a dedicated API monitoring solution minimize the risk associated with monitoring tool downtime and bug. Make sure to check our best API monitoring tools article for a list of available services for API monitoring.

Check API health as frequently as possible

Ideally, your API health monitoring tool must check the health of your API every minute. Is it too much? No! Imagine if an API health check happens every hour. What would happen if your API goes down immediately after the last health check? It takes 60 minutes for you to realize your API is down.

Disable Cache

Your API process must serve every request to your Restful or GraphQL (micro)service API health check endpoint. By disabling caching on your health endpoint, you prevent HTTP caching from serving the request. As a result, every request to the API health check endpoint returns the most up-to-date status of your microservice.

To disable the cache, add the Cache-Control: no-cache to your endpoint.

Response Time Matters

Not only it matters that the API health check endpoint responds, but also it matters how long it took for the endpoint to respond to the request. For example, if the endpoint responds in 30 seconds, there is something wrong with the API.

At Testfully, our customers can set the expected response time for API testing and monitoring. Should it take longer for your API to respond, Testfully starts alerting you.

JSON Response

Returning the response of health check in JSON format allows further validation using API monitoring tools.

Response Status Code

Leverage the response status code and communicate well with the monitoring tool about the result of a health check. A successful health check should return 200 OK. Use other standard HTTP status codes, including 500 Internal Error, to signal a failure.

The Response Status Code should reflect the overall status of your API.

Geographical API Performance Monitoring

In an era where digital services are accessed globally, monitoring API performance across various geographical regions is vital. It is essential because an API functioning well in one region may encounter issues in another due to network variability or localized downtimes. Geographical monitoring ensures uniform API performance worldwide by detecting region-specific issues early. Using synthetic monitoring for simulated interactions and Real User Monitoring (RUM) for actual user experiences, businesses can guarantee that their APIs provide consistent and optimal service, irrespective of the user’s location. This dual approach is critical to maintaining a high standard of user experience globally.​​​

Consider protecting your health check endpoint

Most ping endpoints are publicly available because they don’t provide much internal or sensitive information. On the other hand, API health check endpoints expose information about your service, so it’s a good idea to protect this endpoint. You only need to make sure that your API monitoring tool supports sending API access keys.

As we continue exploring API health check monitoring, staying updated with the latest trends shaping this field is essential. The fundamental principles of API health checks remain consistent. Still, the methods and technologies we employ are constantly evolving, offering more efficient and comprehensive ways to ensure the robustness of your APIs.

Embracing AI and Machine Learning in API Monitoring

One of the most significant advancements in API health monitoring is the integration of AI and machine learning technologies. These tools offer predictive capabilities, enabling teams to predict potential issues before they impact the API’s performance. For example, we can leverage machine learning algorithms for analyzing past data to identify patterns that show future issues and allow for proactive measures to prevent potential problems.

Example: A well-known example of AI in API monitoring is using anomaly detection algorithms. These algorithms can identify unusual patterns in API traffic, such as a sudden spike in error rates, which might indicate a DDOS attack or a malfunctioning endpoint. Companies like Amazon Web Services offer AI-driven monitoring tools that can automatically detect and alert about these anomalies.

The Rise of Microservice Architectures in API Design

The shift towards microservice architectures in API design has also influenced health check strategies. An API might depend on numerous small, independently deployable services in a microservices setup. This feature calls for an acceptable approach to health checks, ensuring that each microservice functions correctly and efficiently.

Example: Netflix is a prime example of microservice architecture in action. Each aspect of the Netflix service, from the user interface to the recommendation engine, operates as a separate microservice. Their API health checks are designed to individually monitor these services, ensuring that an issue in one microservice, like payment processing, doesn’t affect other operations, such as content streaming.

Example: Microservices Health Check

Imagine an e-commerce platform that uses microservices for different features like user authentication, product catalogues, and payment processing. A comprehensive health check system would individually monitor these services, ensuring seamless integration and functionality across the platform.

Zero Trust Security and API Health Checks

Another key trend is the integration of zero-trust security models in API health checks. This approach, which we’ve touched on previously, involves verifying every request to an API, regardless of its origin. Implementing zero-trust models in health checks ensures that security is essential, protecting your APIs against unauthorized access and potential breaches.

For example, financial institutions that handle sensitive data and transactions use zero-trust models in their API architecture. For instance, a bank’s API handling user transactions would require multiple layers of verification and security checks for each request, regardless of whether it’s coming from an internal or external source. This approach can significantly minimize the possibility of data breaches and unauthorized access.

Evolving API Health Check Practices

Trend/AdvancementDescriptionImpact on API Health Checks
AI and Machine LearningPredictive analytics and pattern recognitionAnticipate and resolve issues before they escalate
MicroservicesIndependent, modular servicesRequire granular and comprehensive health monitoring
Zero Trust SecurityNever trust, always verifyEnhances the security aspect of API health checks

Staying updated with API health checks is crucial to maintaining efficient, secure, and reliable digital services. By embracing these latest advancements and trends, you can ensure that your APIs meet current operational standards and are prepared for future challenges and innovations.

Usecases for API health check endpoints

Keeping the API health check endpoints generic allows us to use them for multiple purposes. In this section, we will review some of the everyday use cases of an API health check endpoint

  • Container orchestrators and API load balancers can use API health check endpoint to find out about the process status
  • Usage of memory, disk, and other server resources can be monitored via API health check endpoints
  • Health checks can test APIs dependencies, such as databases and external service endpoints, to confirm availability and normal functioning.

API health check endpoint types

There are at least three different types of API health check endpoints designed to serve specific purposes.

  • The readiness endpoint, often available via /health/ready, returns the readiness state to accept incoming requests from the gateway or the upstream proxy. Readiness signals that the app is running normally but isn’t ready to receive requests just yet.

  • The liveness endpoint, often available via /health/live, returns the liveness of a microservice. If the check does not return the expected response, it means that the process is unhealthy or dead and should be replaced as soon as possible.

  • The generic health check endpoint, often available via /health, returns the status of the service and the dependencies.

Consider the following example: an API that loads JSON-based data into memory to serve requests.

  • The /health/ready continues to respond with NOT_READY signal while the API is loading the JSON file since the API cannot serve any request without the file in memory. Therefore, it may take some time for the API to process the entire file.

  • The /health/live immediately signals LIVE, even though the app is not ready, to prevent the container orchestrator layer from restarting the app.

API health check with Testfully

In our API Health Monitoring with Testfully article, we explain how you can run a health check for your API in three simple steps. If you prefer to watch a demo, we have recorded a quick demo of our platform for API monitoring.

Frequently Asked Questions

We got an answer for your questions

  • What is API health check?

    It is a Rest(ful) API endpoint that checks the API itself and all critical dependencies. API health check endpoint returns the check result as the response. Software, QA, and Dev-ops teams use this endpoint to monitor the health of an API using a monitoring tool like Testfully.

  • What is the API ping endpoint?

    It is a Rest(ful) API endpoint that responds with 200 OK message. It barely tells the monitoring service that the API process is running and has received the request.

  • What is the difference between API health check and API Ping?

    A successful API ping response suggests that the API is running and receives the HTTP requests. A successful API health check response indicates that the API is running and all of the critical parts of the API are working fine.

Testfully is a bootstrapped startup from Sydney, Australia.
We're funded by our supportive & amazing customers.

The word `testfully` is a registered trademark of Testfully Pty Ltd.