Payment API Monitoring
Payment processing is the lifeblood of online business. When payment APIs fail, you lose revenue immediately. APIAssert helps you detect payment issues before customers abandon their carts.
The Problem
Payment API failures are uniquely painful:
- Silent failures — API returns 200 but transaction fails
- Partial outages — Specific card types or methods fail
- Gateway issues — Third-party payment provider has problems
- Validation errors — Your integration rejects valid requests
A 5-minute payment outage during peak hours can cost thousands in lost sales.
How APIAssert Helps
Monitor Payment Gateway Health
Check that your payment provider is operational:
Monitor: Stripe Health Check
URL: POST https://api.stripe.com/v1/payment_methods
Assertions:
✓ Status code == 200
✓ $.object == "payment_method"
✓ Response time < 2000ms
Validate Your Payment Integration
Ensure your own payment endpoints work:
Monitor: Checkout Payment Validation
URL: POST /api/payments/validate
Body: {"amount": 100, "currency": "USD", "method": "card"}
Assertions:
✓ $.valid == true
✓ $.available_methods contains "card"
✓ $.min_amount <= 100
Check Webhook Endpoints
Verify your webhook handlers are responding:
Monitor: Payment Webhook Health
URL: POST /webhooks/stripe
Assertions:
✓ Status code == 200
✓ Response time < 500ms
Critical Assertions for Payment APIs
Transaction Creation
// Expected response from payment creation:
{
"id": "txn_abc123",
"status": "pending",
"amount": 9999,
"currency": "usd"
}
Assertions:
$.idmust exist$.statusmust be one of["pending", "succeeded", "processing"]$.amountmust equal expected amount$.currencymust equal expected currency
Payment Status
// Expected response from status check:
{
"status": "succeeded",
"paid": true,
"receipt_url": "https://..."
}
Assertions:
$.statusmust exist$.paidmust be boolean$.receipt_urlmust match URL pattern
Refund Processing
// Expected refund response:
{
"id": "re_xyz789",
"status": "succeeded",
"amount": 5000
}
Assertions:
$.statusmust equal "succeeded"$.amountmust be positive integer$.idmust start with "re_"
Real-World Example
The Scenario
A SaaS company processes subscriptions through Stripe. Occasionally, webhook deliveries fail silently, causing subscription renewals to not be recorded — leading to users being incorrectly downgraded.
The APIAssert Solution
Monitor 1: Stripe Webhook Endpoint
URL: POST /webhooks/stripe
Headers:
Stripe-Signature: test_signature
Body: {"type": "test"}
Assertions:
✓ Status code == 200 or 400
✓ Response time < 1000ms
Monitor 2: Subscription Status API
URL: GET /api/subscriptions/health
Assertions:
✓ $.queue_size < 100
✓ $.last_processed within 5 minutes
✓ $.error_rate < 0.01
The Outcome
- Webhook endpoint availability monitored every minute
- Alert triggered when queue size exceeded threshold
- Team discovered Redis connection issue before customer impact
- Implemented fix and added permanent monitor
Payment Providers to Monitor
Stripe
| Endpoint | What to Monitor |
|---|---|
| Payment Intents | Transaction creation works |
| Payment Methods | Card tokenization succeeds |
| Webhooks | Events are delivered |
| Customers | Customer creation works |
PayPal
| Endpoint | What to Monitor |
|---|---|
| Orders | Order creation succeeds |
| Captures | Payment capture works |
| Refunds | Refund processing |
| Webhooks | Event delivery |
Your Payment Endpoints
| Endpoint | What to Monitor |
|---|---|
| POST /checkout | Cart to payment works |
| POST /payments | Payment processing |
| GET /payments/:id | Status retrieval |
| POST /refunds | Refund processing |
Best Practices
Use Test/Sandbox Endpoints
Most payment providers offer test endpoints:
Production: api.stripe.com
Sandbox: api.stripe.com (with test keys)
Monitor both:
- Sandbox — verify your integration works
- Production — catch production-specific issues
Monitor from Multiple Regions
Payment latency matters globally:
US East: Monitor latency to Stripe US
Europe: Monitor latency to Stripe EU
Asia: Monitor latency to Stripe APAC
Different regions may have different performance characteristics.
Set Aggressive Alert Thresholds
For payment APIs, detect issues fast:
- Check interval: Every 30-60 seconds
- Alert threshold: 1-2 failures (not 3-5)
- Response time: Alert if > 3 seconds
Create Payment-Specific Alerts
Route payment alerts to specialized channels:
Payment API Down → PagerDuty (immediate page)
Payment Slow → Slack #payments (warning)
Webhook Queue Growing → Email (monitor)
Test Edge Cases
Monitor for specific scenarios:
- Zero amount — free trials, $0 checkouts
- Large amounts — high-value transactions
- Currency handling — multi-currency support
- Declined cards — proper error handling
Alert Response Runbook
When payment alerts fire:
- Check provider status — Is Stripe/PayPal having issues?
- Check your logs — Recent deployments? Error spikes?
- Test manually — Can you process a test payment?
- Check dependencies — Database, Redis, webhooks working?
- Escalate if needed — Contact payment provider support
Getting Started
- Identify payment flows — Checkout, subscriptions, refunds
- Map API endpoints — Both yours and provider's
- Create monitors — Start with transaction creation
- Add assertions — Validate response structure
- Set up alerts — PagerDuty for critical, Slack for warnings
Related Use Cases
- E-commerce API Monitoring — Full e-commerce monitoring
- Webhook Reliability — Monitor webhook endpoints
