Third-party API Monitoring
Your application depends on external APIs — payment processors, shipping providers, authentication services, and more. When these APIs fail, your app fails. APIAssert helps you monitor third-party dependencies proactively.
The Problem
Third-party API failures cascade into your problems:
- Payment failures — Stripe has issues, your checkout is broken
- Auth outages — Auth0 goes down, no one can log in
- Shipping delays — FedEx API fails, can't get rates
- Data stale — Weather API stops updating, forecasts wrong
You can't fix their APIs, but you can detect issues immediately.
How APIAssert Helps
Monitor Vendor Health Endpoints
Most services have status endpoints:
Monitor: Stripe Health
URL: https://status.stripe.com/api/status
Assertions:
✓ $.status == "operational"
✓ Response time < 2000ms
Monitor Your Integration Points
Check the specific endpoints you use:
Monitor: Stripe API - Payment Methods
URL: POST https://api.stripe.com/v1/payment_methods
Headers: Authorization: Bearer sk_test_xxx
Body: type=card
Assertions:
✓ Status code == 200 or 400
✓ $.error does not exist
✓ Response time < 3000ms
Monitor from User Regions
Third-party performance varies by location:
Monitors from:
✓ US East (primary users)
✓ Europe (GDPR region)
✓ Asia Pacific (global users)
Critical Third-Party APIs to Monitor
Authentication & Identity
| Service | What to Monitor |
|---|---|
| Auth0 | /authorize, /oauth/token |
| Okta | /api/v1/sessions |
| Firebase Auth | identitytoolkit.googleapis.com |
| Clerk | /v1/me |
Payments
| Service | What to Monitor |
|---|---|
| Stripe | /v1/payment_intents, /v1/customers |
| PayPal | /v2/checkout/orders |
| Square | /v2/payments |
| Braintree | /merchants/{id}/client_token |
Communication
| Service | What to Monitor |
|---|---|
| Twilio | /2010-04-01/Accounts/{sid} |
| SendGrid | /v3/mail/send |
| Mailgun | /v3/{domain}/messages |
| Postmark |
Cloud Services
| Service | What to Monitor |
|---|---|
| AWS S3 | s3.{region}.amazonaws.com |
| Cloudinary | api.cloudinary.com/v1_1/{cloud}/resources |
| Algolia | {app-id}.algolia.net/1/indexes |
| Mapbox | api.mapbox.com/geocoding |
Data & Analytics
| Service | What to Monitor |
|---|---|
| OpenAI | api.openai.com/v1/models |
| Weather APIs | api.openweathermap.org |
| Exchange rates | api.exchangerate-api.com |
| Google Maps | maps.googleapis.com |
Real-World Example
The Scenario
A SaaS app uses Auth0 for authentication. When Auth0 experiences latency spikes, users complain about slow logins, but the ops team doesn't know Auth0 is the cause.
The APIAssert Solution
Monitor 1: Auth0 Token Endpoint
URL: POST https://your-tenant.auth0.com/oauth/token
Headers:
Content-Type: application/x-www-form-urlencoded
Body:
grant_type: client_credentials
client_id: xxx
client_secret: xxx
audience: https://api.example.com
Assertions:
✓ Status code == 200
✓ $.access_token exists
✓ Response time < 2000ms
Interval: 1 minute
Regions: US East, Europe
Monitor 2: Auth0 Status Page
URL: GET https://status.auth0.com/api/v2/status.json
Assertions:
✓ $.status.indicator == "none"
Interval: 5 minutes
The Outcome
- Detected Auth0 latency 5 minutes before user complaints
- Switched to cached tokens temporarily
- Communicated to users proactively
- Avoided support tickets through early detection
Monitoring Strategies
Direct API Monitoring
Monitor the actual endpoints you use:
Pros:
✓ Tests your actual integration
✓ Uses your credentials
✓ Catches integration issues
Cons:
✗ May incur API costs
✗ Rate limits apply
✗ Credentials in monitoring
Status Page Monitoring
Monitor vendor status endpoints:
Pros:
✓ No API costs
✓ No rate limits
✓ No credentials needed
Cons:
✗ May lag behind actual issues
✗ Doesn't test your integration
✗ Not all vendors have them
Best Approach: Both
Critical vendors: Direct API + Status page
Other vendors: Status page only
Assertions for Third-Party APIs
Availability
✓ Status code == 200
✓ Response time < 5000ms
✓ $.status != "error"
Data Quality
✓ $.data exists
✓ $.data is array
✓ $.data.length > 0
Rate Limits
Monitor rate limit headers:
✓ X-RateLimit-Remaining > 100
✓ X-RateLimit-Reset within 1 hour
Version Compatibility
✓ $.api_version == "2024-01"
✓ $.deprecated != true
Best Practices
Use Test/Sandbox Credentials
When possible, use sandbox environments:
Production: api.stripe.com (with live key)
Sandbox: api.stripe.com (with test key) ← Monitor this
Set Realistic Thresholds
Third-party APIs can be slower than yours:
| Service Type | Response Time Threshold |
|---|---|
| Auth | < 2000ms |
| Payments | < 3000ms |
| < 5000ms | |
| AI/ML | < 10000ms |
Create Runbooks
Document what to do when each vendor fails:
## Auth0 Down Runbook
1. Check status.auth0.com
2. Enable cached token validation
3. Notify users via banner
4. Open Auth0 support ticket
Monitor Dependencies of Dependencies
Your vendor relies on others too:
Your App → Auth0 → AWS
Your App → Stripe → Payment Networks
Consider monitoring indirect dependencies for critical services.
Alert Configuration
Critical (Immediate)
Service: Payment provider
Condition: 5xx errors or timeout
Action: Page on-call + Slack
Reason: Revenue impacting
High (Fast Response)
Service: Authentication
Condition: Response time > 3000ms
Action: Slack #engineering
Reason: User experience impact
Medium (Business Hours)
Service: Analytics provider
Condition: Status degraded
Action: Email
Reason: Non-critical, review later
Getting Started
- List your dependencies — What external APIs does your app call?
- Prioritize by impact — Auth, payments first
- Find status endpoints — Check vendor docs
- Create monitors — Direct API and/or status page
- Set appropriate alerts — Critical vs. informational
Related Use Cases
- Payment API Monitoring — Deep dive on payment providers
- Webhook Reliability — Monitor incoming webhooks
