Skip to content
ADP
API Design PrincipleBETA

[ADP-45] API Monitoring

Guidance

  • All API endpoints with an audience level equal to or greater than PARTNER_EXTERNAL SHOULD be monitored continuously.
    • Rationale: Monitoring these endpoints ensures that external partners and users are receiving the expected level of service and that any issues can be identified and resolved promptly. This is critical for maintaining trust and reliability in the API offerings.
  • Before making any decision to sunset (deprecate or discontinue) an external API, a thorough check of its usage patterns SHOULD be conducted.
    • Rationale: Understanding how frequently and in what manner the API is being used helps in assessing the impact of its removal. This ensures that critical functionalities used by external partners or customers are not abruptly discontinued, thereby avoiding disruption of their services and workflows.
  • SHOULD regularly communicate with internal and external stakeholders about monitoring practices and any upcoming changes to the API landscape.
    • Rationale: Transparent communication ensures that stakeholders are well-informed about the status and changes of APIs they rely on, fostering trust and cooperation.
  • SHOULD maintain comprehensive documentation of all monitoring activities, guidelines, and processes to ensure consistency and continuity.
    • Rationale: Well-documented practices facilitate better understanding, training, and auditing of monitoring activities, ensuring they can be consistently followed and improved over time.
  • SHOULD continually review and update monitoring practices to comply with evolving security and privacy regulations.
    • Rationale: Regular reviews and updates ensure that monitoring practices remain effective and compliant with the latest legal and regulatory requirements, protecting user data and organizational integrity.

Implementation Details

  • Continuous Monitoring Tools and Techniques
    • Utilize monitoring tools that provide real-time insights into API usage, performance, and error rates.
    • Implement alerting mechanisms for detecting unusual patterns or spikes in usage that could indicate potential issues or misuse.
    • Ensure that logs and metrics are stored securely and are accessible for historical analysis and auditing purposes.
    • Monitor specific key performance indicators (KPIs) such as response time, error rates, and throughput. Set appropriate thresholds for these metrics.
  • Usage Analysis Before Sunsetting
    • Gather detailed usage statistics, including the number of active users, request volumes, and response times, over a representative period.
    • Identify key stakeholders and communicate the planned changes well in advance, providing them with alternatives or migration paths if necessary.
    • Document the analysis process and decision-making criteria used to justify the sunsetting of the API, ensuring transparency and accountability.
  • Stakeholder Feedback
    • Incorporate feedback mechanisms from API consumers into the monitoring process to continuously improve API quality and relevance.