Solve API problems fast with Runscope. Learn More →

Beyond Black Friday: 3 Tips on Preparing Your APIs for a Major Event During Any Season

By Ashley Waxman on .

Black Friday is around the corner, signaling the beginning of the holiday crunch. For retailers, this is make-it-or-break-it season, a crucial revenue period when they absolutely can’t afford to their apps or their website break or fail. Part of that means making sure their APIs are rock solid. Even a short outage on Black Friday or Cyber Monday can mean huge losses for retailers and their partners. During last year’s holiday season, mobile accounted for 45 percent of all online traffic, a year-over-year increase of more than 25 percent.

But retailers are not alone, and many businesses will encounter a time in which they can’t afford even the slightest breakage: the Super Bowl for media, tax day for finance, a big event or launch announcement, or the close of a long release cycle. You want your code to be functionally complete and protected from introducing any new changes to prevent what could be a very costly and/or public failure.

Since retailers do this every year, there’s a lot to learn from the practices they have down pat. We’ve organized three tips that we’ve seen in the retail industry to get you ready for crunch time so you’ll be ready to face any mission-critical event—even Black Friday.

1. Go into a development lockdown

To refrain from introducing any regressions, slow performance or otherwise screw up the customer experience during the holidays, nearly every retailer puts a freeze on their code as early as October or the first week of November in preparation for the retail season. This is not the time to experiment with brand new things that could destroy your numbers.

“During a major event that brings a significant number of customers to our site and apps, it’s critical that we don’t introduce any unnecessary changes that could impact the consistency and reliability of the customer experience,” says Roberto Lancione, IT Enterprise Architecture Manager at ALDO.

The most minor aesthetic change can alter the way customers interact with your site or your mobile app, so put A/B testing to a halt as well. Keeping your UI consistent will keep your users comfortable and unaware of the potential frenzy going on behind the scenes.

2. Test everything, everywhere

While A/B testing introduces unnecessary complexity, testing your system as a whole is essential to ensuring the end-to-end customer experience is seamless. You want to prevent any performance issues during days of peak traffic to your site or app. One of the largest retailers in the country tests its production environment to the point of almost bringing its site down to stay ahead of any issues as much as possible.

One way to do this is ensuring that your app works across all devices. AWS Device Farm is a handy testing tool that lets you simulate your mobile app on hundreds of different smartphones and tablets so you don’t have to build these tests in-house, and can plan for performance across devices you might not have thought of.

Once you’ve tested your system internally, it’s time to put those tests on a schedule to monitor performance so you’re the first to know when a service goes down. Monitoring the APIs that power your infrastructure and your apps from locations around the world ensures that you have your customers’ backs, no matter where they’re located. Make sure that your web UI is interacting with your APIs as expected and data isn’t being cached the wrong way. Easy-to-use tools like Ghost Inspector give you full coverage between your APIs and your websites.

3. Monitor API dependencies

Putting on a code freeze and monitoring your services is great for your own infrastructure, but what about the external services your business relies on? Most apps, let alone businesses, today integrate with multiple partners or third-parties to add to or enhance their product or service, such as payment transactions, email confirmations and receipts or a CRM. 

First, don’t change providers during a critical event like Black Friday. Even if you’re looking to make a switch, this is not the time to introduce external changes when short-term success is the goal. Get all your SLAs in order so you know what to expect from those providers in case their services go down.

Second, keep an eye on the production traffic that matters to your business by setting up real-time monitoring. Live Traffic Alerts notifies you the second a customer gets a 403 error that prevents them from paying for your product or getting an email receipt. You can then send the response body data to your provider instantly to let them know there’s an issue on their end faster than waiting for support tickets to come through.

We all face periods where our web services and mobile apps are put to the test. Even if your only participation in Black Friday this year is buying the perfect present for your mom, you can still reap the benefits of the long-standing work that retailers have done to build best practices for preparing for those events. Happy shopping and monitoring!

Categories: apis, api ecosystem, community, howto

This Fortnight in APIs, Release VI

By Ashley Waxman on .

This post is the sixth in a series that collects news stories from the previous two weeks and is curated lovingly by the Runscope Developer Relations team. The topics span APIs, microservices, developer tools, best practices, funny observations and more.

For when your APIs can’t contain themselves:

For many of us, APIs are a ubiquitous no-brainer to include in our infrastructure for both business and technology benefits, like speed and agility. Outside of our API bubble, the conversation around APIs has changed significantly over the past few years, as reviewed by Mark Boyd in The Importance of APIs in the Container Age. Boyd interviews several API practitioners to explore how APIs have become both more accessible by a less technical audience, but also more under the radar as the “invisible hand” guiding IT and business operations. This article also explores the difference between microservices and APIs, as well as whether APIs need a common metaphor, which has helped the container movement be successful.

For when your SOAP API has RESTing [fill in the blank] face:

SOAP APIs in production can be tricky to use when you rely mostly on RESTful services, and many developers would rather not try. One common solution to this conflict is putting a REST API in front of a SOAP stack, which Darrel Miller describes in this blog post. Miller explains the potential issues that can arise when attempting to to build a resource-oriented HTTP API as a facade to a SOAP API, as well as how to spot and troubleshoot those issues. Even with his guidance, Miller warns that converting a SOAP API to a RESTful one still won’t solve all your problems, as most SOAP APIs are built to expose a different set of data than REST APIs. If you’re still game to tackle it, Miller’s article is a trusty guide for you.

For when you want your microservices to get on Amazon’s level:

While not synonymous with each other, APIs and microservices are intrinsically linked. At the I Love APIs conference last month, Chris Munns, business development manager for DevOps at AWS, presented a talk on how Amazon builds enterprise microservices that scale. This recap on Apigee’s blog provides a high level overview on how Amazon is structured internally, the tooling teams use to get the job done like Apollo and CodePipeline, and best practices—which include “lots and lots of monitoring” plus metrics—by a company that’s regarded as one of the original innovators in microservices. Check out his full deck from I Love APIs, and if you’re still hungry for more microservices tips from Amazon, you can read an in-depth exploration of some more of the developer tools that Amazon has built to support microservices, such as API Gateway and Lambda, in The New Stack.  

For when you watch Netflix for more than your favorite shows:

Also coming out of the I Love APIs conference, InfoQ sat down with Daniel Jacobson, VP of Edge Engineering at Netflix and an early voice for microservices, to discuss ephemeral APIs and continuous innovation. In this Q&A, Jacobson discusses experience APIs and the value of being able to iterate easily and not creating a one-size-fits-all API that’s easy for few to use, but overall difficult for many. Jacobson also dives into the details of Netflix’s architecture and tooling, so if you’re looking for an inside look at one of the more influential engineering programs, this article is for you.

For when your framework is so good, you could eat it:

Yelp released a microservices framework dubbed PaaSTA (no, the TA is not silent), which currently powers the majority of Yelp’s operations. The company published a blog post that serves as a comprehensive guide to what the components are (Docker, Jenkins and SmartStack to name a few) and how they work so you can bring PaaSTA into your own org. It’s great to see more and more companies that are disruptive in the consumer space also releasing innovative tools to the engineering space. Now, can we post a review about PaaSTA on Yelp?

For when you want a new way to use API mangement:

As a developer, there are times when you’ll want to generate events from HTTP messages being sent to your APIs for things like creating an audit trail of updates and usage analytics. A post on the Microsoft Azure blog explains how easy it is to do so via an API management provider. This example walks you through how to monitor your APIs with Azure API Management, Event Hubs and Runscope Live Traffic Alerts. If you have an API management provider in place, connecting with API monitoring is “as simple as a few dozen lines of code.”

For when everything’s better in JSON:

Last week, we announced the launch of the new Runscope Export Format, a JSON representation of all your API tests complete with request steps, scripts and assertions. This new format serves Runscope’s latest feature release of importing and exporting entire suites of API tests in one click. This next phase in automation allows you access outside of the Runscope UI to the work you do building API tests and facilitate collaboration and test management among teams.

Notice something we missed? Put your favorite stories of the past fortnight in the comments below, or email us your feedback!

Categories: api ecosystem, this fortnight in apis, apis

How to Monitor Live Production API Traffic with Runscope Traffic Gateways and Alerts

By Neil Mansilla on .

Runscope started off several years back as an API debugging tool that allowed developers to inspect in-flight API traffic and debug integration issues. Even as our product evolved to include comprehensive API testing and performance monitoring, we’ve always stayed true to our original mission of helping our customers not just detect API problems, but also solve them. With our latest release of Live Traffic Alerts, we provide our customers with a new layer for API problem-solving—catching key API transaction errors with live production traffic monitoring. By notifying your team about failed API calls in near real-time, your team can respond and remediate issues quickly.

Many businesses can be deeply affected by errors or anomalies that occur in production and cannot be simulated with traditional functional monitoring. Some of these scenarios include catching declined credit card payments or a failed attempt at creating a lead in a database. By including this level of monitoring with the proactive monitoring you already use from Runscope (or if you don’t, you can sign up here to try it out), your team can keep tabs on slow endpoints and retry erroneous API calls to ensure that you’re meeting your SLAs and not losing valuable engagement with customers.

Four Easy Methods of Collecting Traffic for Monitoring

Live Traffic Alerts works by evaluating all API calls stored in your Runscope buckets. If you’re already using Runscope for API tests, you may have noticed that the Traffic Inspector for your bucket includes all of your API test calls. But what about live production traffic? How is it collected into your bucket to be analyzed?

Runscope has four traffic collection methods (in addition to collecting API test traffic) that work with Live Traffic Alerts:

  • Runscope Global Traffic Gateway: Also referred to as Gateway URLs, this is the most common way to collect traffic for Alerts for public and third-party APIs. With a simple modification to an API hostname, traffic is transparently routed through the Global Traffic Gateway between the calling client and the destination API.

  • Capture URLs: Similar to RequestBin, every bucket has its own unique capture URL. This is useful for for monitoring and debugging webhook API calls.

  • Runscope API: Post API transaction details directly into your bucket using the Messages resource. This method can be used as an alternative to the gateways.

  • Runscope Gateway Agent: An on-premises gateway installed on your local infrastructure. This method is used to collect traffic for APIs on a private network.

Defining Live Alerts Criteria

Live Traffic Alerts is very flexible, allowing you to match against nearly every aspect of an API call, including the request, response and connection metadata. For example, when setting up a traffic alert to catch slow API calls, you define rules against the response time. There are many other matching criteria that can be combined and evaluated against, such as URL, parameters, headers, request/response body, source IP address, etc.

When matches are found, the Live Traffic Alerts dashboard is updated in real time. Additionally, alert notifications can be sent by email to any team member, posted to a chat channel using the Slack, HipChat or Flowdock integrations, or even posted to one or more callback URLs. 

Check out our live demo of Live Traffic Alerts below and how to use the Runscope Traffic Gateways to start monitoring and debugging APIs, all in one place. Then, give it a try by signing up for a free trial of Runscope today. If you’re currently on a free plan and want to try Live Traffic Alerts for yourself, contact our Support team and they’ll set you right up.

Categories: webinar, product, monitoring, howto, debugging

Manage API Tests Your Way with Seamless New Import / Export Features

By Neil Mansilla on .

At Runscope, we've always set out to make the creation and management of API tests simple and straightforward in our dashboard UI. Most of you were able to create your first API test within minutes of signing up. Over time, we've listened to your feedback that you want more flexibility around test management. Our first response was a major update to our API a few months ago, introducing capabilities around creating, modifying and deleting delete tests and their components programmatically. This week, we're excited to announce the next phase of easier test creation and management.

Runscope is pleased to introduce Import and Export functionality in the dashboard UI with the new Runscope Export Format. With this Import/Export feature, you can create, modify and version entire suites of API tests quickly and easily.

Exporting Tests By the Bucket or One at a Time

With just one click, you can export an entire bucket of tests, or a single test from the individual test view. The file is exported in the Runscope Export Format (see above), a JSON representation of tests with request steps, scripts and assertions.

Importing Tests via the Runscope UI or API

With your tests in the Runscope Export Format, you can use your favorite IDE or text editor to make changes or create new tests. When you're finished, you can import the JSON file and new tests will be created. #Protip: Give your test a new name (or make a slight variance) if you're importing into the same bucket to avoid having tests with duplicate names.

Above, we're modifying a test from the export we did in the previous step, then importing the tests into a new bucket.

You can also import your tests using the Runscope API. Making a POST call to the Test Resource endpoint with your Runscope Export Format JSON in the body lets you create one or more tests programmatically into any of your buckets.

Manage Tests Your Way

The Runscope Export Format is instrumental for integrating Runscope API testing and monitoring into your software development and deployment practices. API tests and configurations can now live within your projects—edited in your IDE, synced and versioned into your code repository, and then executed within your CI/CD workflow. 

Whether you're using the new Import/Export functions or building advanced integrations with the API, we would love to hear how you are incorporating Runscope API tests into your development lifecycle. You can also check out our repo of sample apps built with the Runscope API, and sign up for Runscope for free to take control over how you create and manage your API tests. 

Categories: howto, product, testing

Everything is going to be 200 OK