API health check: how to keep apps healthy

API health checks are essential to ensuring the availability and functionality of your API endpoints. They keep you abreast of your overall API health and can flag any issues at an early stage.

Ultimately, API health checks are part of a proactive approach to monitoring the overall health of your APIs. It’s the equivalent of going to the dentist for regular check-ups rather than waiting until something goes wrong with your teeth and you are in pain!

What is an API health check?

An API health check is a way to check the operational status of an API. It is a monitoring method that can alert you when something isn’t functioning as it should. You can set up an API health check endpoint for each API, view the results on a dashboard, and receive alerts for unexpected results.

Using an API endpoint health check means you can monitor anything that could prevent your API from servicing incoming requests in the way that it should. You can set up these health check services so that they are relevant to your particular APIs, as doing so suits a wide range of API management architectural and deployment patterns. As an example, a health check endpoint could monitor:

  • Availability – a health check service can send regular requests to API endpoints to verify they are accessible.
  • Functionality – a health check API can send requests using specific inputs to check these return the expected responses.
  • Performance – API health checks can track response times, measuring the latency to identify any slowdowns or performance bottlenecks.
  • Error detection and recovery – a healthy API shouldn’t return errors and exceptions. A health check can identify abnormal behaviour like this.  
  • Load balancing – if you have multiple instances of an API, you can use health checks in combination with a load balancer to distribute incoming requests to healthy instances and avoid those that are exhibiting unhealthy behaviour or are unresponsive.

Should any of these checks return unexpected results, the health check service can raise an alert to make you aware. You then have the power to take swift, early remedial action before the issues escalate and/or negatively impact your user experience.

Let’s run through some health check API best practices, then look at the use cases for this type of API health monitoring.

API health check best practices

If you’re ready to take a proactive approach to monitor the health of your APIs, it’s important to do so in a way that ensures you get the best out of your health check services. Here’s how.

Automate API health checks

Automating your API health checks means you can implement continuous monitoring without the need for manual intervention. You can automate regular checks and also automate checks taking place in response to triggers that you predefine. And, of course, you can automate the alerts the health check API sends out when a check fails or returns an unexpected result.

Check API health as frequently as possible

The more frequent your checks are, the more likely you are to catch any issues before they escalate into problems. By identifying issues in real-time, you can minimise downtime.

Bear in mind, though, that health checks will impose a load on your API infrastructure. This means it’s a good idea to suit the frequency of checking API health to the importance of your different APIs. The more critical the API, the more frequently you should check it.

Disable cache

API health checks work by monitoring responses. However, if you have caching mechanisms enabled, your health check service may end up producing false positives as a result of cached responses masking underlying issues. As such, it is best practice to disable caching mechanisms during API health checks.

Response time matters

There are various ways to get the best out of response time checks. You’ll need to set response time thresholds, for example, to define what good looks like for your APIs. You can also bolster the impact of response time checks by analysing response time data over time. Doing so can not only help you identify performance bottlenecks and trends but can bring longer-term performance degradation issues to light. 

JSON response

It’s a good idea to use a standardised JSON structure to deliver your health check status information and associated details. JSON’s human readability, flexibility, extensibility, efficient serialization and deserialization and broad compatibility make it ideal for returning your health check endpoint responses. Configuring your health check endpoint to return responses in this format means you can receive clear, concise information about the health of your APIs’ critical components and the status of their dependencies.

Response status code

The response status codes that you use will make it easy to verify the status of the API you are checking. For example, you can use a success status code (2xx) to indicate that an API is functioning as it should and an error status code (4xx or 5xx) to indicate that it isn’t.

Consider protecting your health check endpoint

As with any element of your API infrastructure, it is important to implement appropriate security mechanisms. For your API health check endpoint, you can implement authentication and authorisation mechanisms to prevent unauthorised access. In so doing, you can ensure that only the monitoring systems you designate can perform health checks on your APIs.

Remember to regularly review and test your security arrangements to ensure that everything is functioning as it should from a security perspective and maintain the overall integrity of your infrastructure.

Use cases for API health monitoring

API health monitoring meets a wide range of needs. When you provide applications that rely on APIs, for example, health checks ensure that the underlying API infrastructure is functioning as it should so that your apps can do the same.

An API gateway health check system can be particularly useful in complex environments. Let’s say you use an API gateway for microservices and are growing the number of microservices you use. In essence, the more you use, the more complex things get. With plenty to keep an eye on, automating the health monitoring of your microservice API endpoints makes total sense. It means you can take a proactive approach to catching any issues early that might otherwise prevent your APIs from functioning correctly.

Not that API health monitoring is solely about identifying functionality or availability problems – as we indicated above, you can also use health check data to optimise the user experience that your APIs and the applications that sit on top of them deliver. For example, if you identify performance bottlenecks as part of an API health check, you can make changes that will iron out those bottlenecks and contribute to enhanced performance. That can mean a better user experience for all of your consumers.

How do you health check microservices?

Health-checking microservices is simple. You just need a health check API endpoint for each service. You can then check whatever metrics are most relevant to that service – memory consumption, database connection, response time and so on. You can use a dashboard to display the results and an alert system to immediately flag up any issues.

As well as monitoring the operational health of individual microservices, API health checks can also verify each service’s ability to connect to dependent services. This downstream operation status monitoring aids you in spotting any issues within your microservices architecture as early as possible.

What is the difference between API health check and API ping?

You can use pings to check your APIs are running and receiving HTTP requests. If you get a successful ping response, you know your API is receiving requests. An API health check, however, can tell you much more. It not only shows that your API is running but can assure you that all the critical parts of it are functioning as expected – and help you home in on any that aren’t.

How does an API gateway health check work?

We’ve focused above on checking individual APIs, microservices and so on, but you can – and should! – also use health checking services to ensure your API gateway is functioning as expected. Just as health checks can verify that applications and their underlying APIs are available and functioning as expected, you can use them to verify the status of your gateway.

One of the benefits of Tyk is that it makes it easy to do this. With the Tyk API Gateway, the liveness health check runs on the  /hello  path by default, though you can configure it to run on any path you want to set. The health check endpoint refreshes every ten seconds, returning a  HTTP 200 OK  response if all is well.

Wrap up

Monitoring the health of your APIs is an excellent approach to ensuring you minimise downtime and optimise performance, delivering a superior user experience as a result. Doing so means you can identify issues at an early stage. In turn, this means you can implement remedial action before those issues escalate. To go back to our earlier dental analogy, it is much better to spot a cavity at an early stage and arrange to have a filling than it is to let it go unchecked and end up losing the tooth!

The Tyk team is always on hand to answer any questions you may have about API health checking and monitoring. You can also read about API insurance here. Alternatively, if you are coming at the issue of health monitoring from a microservices perspective, you might find it useful to read our article on microservice gateway and access patterns.