WHITE PAPER

WHITE PAPER

APIs in Action
A Guide to Monitoring APIs
for Performance
 WHITE PAPER

Table of Contents
Introduction.............................................................................................................................................3
Understanding APIs............................................................................................................................3
APIs in Action..........................................................................................................................................4
Chapter One: Soap, Rest and Json...........................................................................................5
Chapter Two: Why Monitor APIs.................................................................................................5
Chapter Three: How to Monitor APIs.......................................................................................7
Chapter Four: Monitoring for SLAs........................................................................................ 11
Chapter Five: Splunk’s API Checks........................................................................................13

APIs in Action 2
 WHITE PAPER

Introduction Understanding APIs

Thanks to the rise of microservices, the spread An API is a set of programming instructions and
of single page web apps and the continued dominance standards for accessing a web-based software
of native mobile apps, APIs are the unsung heroes of application or service. APIs give developers instructions
the modern web. about how to interact with services and can be used
Early on, APIs proved a way for businesses to to connect data between different systems. An API
differentiate themselves and integrate with other describes the available functionality from a service,
systems, but some argue that they didn’t become how it can be used and accessed, and what formats it
completely mainstream until the rise of social media. will access for inputs and outputs.
As social media networks grew and gained more Today entire businesses and applications are built on
consumer users, businesses began building and open APIs, relying on the ability to pass data back and
leveraging APIs to allow users to share and embed forth between systems. Think of an API as a waiter at
content into streams of social media interactions. a restaurant. At a restaurant you have a menu of items
Today we use APIs to connect between multiple you can order. Maybe you have specific instructions
social media platforms — for example, posting from about how you’d like your dinner order to be prepared.
Instagram to Facebook or Twitter — or to connect to When the waiter asks for your order you say, “I would
sets of data, such as pinning our location on a map please like the filet mignon, medium-rare, with a side of
so that we can check in or hail a ride. Many web and creamed spinach and fully-loaded baked potato with
mobile apps that we use today are built on top of other no chives.”
APIs, such that they’re tightly dependent on those Your waiter writes down your order, delivers to the
APIs performing and returning data correctly, quickly, kitchen, picks up your food when it’s ready and serves
securely and reliably. it to you at your table.
Because APIs drive modern applications and In this simple scenario the waiter’s role mirrors the role
infrastructure, it’s critical that we monitor APIs of an API, except instead of delivering an exquisite meal,
for performance. an API delivers data. Like a waiter, the API takes a set of
In this white paper we’ll help you understand the basic instructions (a request) from a source (an application or
functions of APIs, why it’s important to monitor APIs, a developer), takes that request to a database, fetches
and what types of features you should look for when the data or facilitates some actions and then returns a
implementing systems to monitor API performance. response to the source. APIs are messengers that keep
systems connected.
When it comes to sending and receiving API messages,
it’s important to know that APIs may be private
programmer APIs used within an internal organization
or they may be public, consumer-facing APIs. Private
APIs make businesses more agile, flexible and powerful.
Public APIs help businesses connect to offer new
integrations and build new partnerships.

APIs in Action 3
 WHITE PAPER

APIs in Action
Let’s look at a well-known company that relies on Now let’s compare that public API scenario to an
public APIs. example of how APIs can be used to trigger tasks to
The Weather Company collects weather data improve internal business processes.
from millions of endpoints and sources around the Splunk Web Optimization captures a number of
globe. They store this data and make it accessible performance metrics for digital businesses and
to consumer-facing applications via hundreds of provides smart suggestions for how to improve site
different APIs. performance. The optimization tool can help teams
Consider a widget on your home screen or desktop identify when any changes to a website introduce a
that always displays current temperature and weather regression in performance, meaning a site or web
conditions based on your location. Your device may not app has some content that’s making it load slower
have a thermometer or a barometer or any baked-in than it could.
technology that detects or predicts weather patterns, Using the optimization tool’s API, the team at Splunk
but your device can send information about your can integrate performance testing into deployments
location to an API and return the correct data such as and identify any performance regressions introduced.
the temperature and forecast based on your location. A request was built into the deployment process
Even if you’re not on the Weather Company website for the optimization API that triggers a performance
or using one of the Weather Company’s native mobile scan to Splunk’s staging environment and posts the
applications you may be interacting with data from a details of the scan into our Slack chat channel. Now
Weather Company API responding to simple requests. we can use our existing ChatOps setup to notify
the team when anything we build in staging will
make our application slower.

In this scenario the API doesn’t simply return data

based on a request, but it also takes action based on a
request. Both the Weather Company API or the Splunk
API could be public or consumer-facing, meaning that
other systems could rely on these APIs to return data
DATABASE WEATHER APP
or trigger specific actions.

APIs in Action 4
 WHITE PAPER

CHAPTER ONE

SOAP, REST and JSON

At their core, APIs are about requesting and receiving Here are a few high-level points that will help you find
data from a remote service. In this eBook, we are your way:
focusing on web-based APIs, where the request and • Different API formats may use different ways of
response happen over HTTP. There are many different structuring request and response bodies; SOAP is
ways to format these requests and responses. When very structured, using XML. REST can use anything,
reading about APIs, you will see a wide variety of but usually uses JSON.
acronyms or terms. Largely these are unimportant to
• Different API formats may use different HTTP
the broader concepts of APIs, their importance and
methods when making requests. Something like
how to test and monitor them for performance.
SOAP might always use POST, while REST can use
GET, POST or even less common methods like
PUT or DELETE.
• Different formats may pass credentials or
authentication information in different ways.
Cookies could be used, or special HTTP headers,
or even query string parameters.

If you find yourself getting lost or confused, just

remember: APIs are all about sending a request and
getting data back. Everything else flows from this
simple idea.

CHAPTER TWO

Why Monitor APIs

Earlier we covered some examples of systems that Why API performance matters
are dependent on data from APIs or that have core When an API fails and disrupts the performance or
functionality built on top of third-party APIs. user experience on your site, this failure reflects on
APIs are wonderful because they connect services your company. End users and customers likely won’t
and let us pass data back and forth between recognize that a third-party could be at fault. And
uniquely managed systems, but that connectivity and depending on how critical that API is to a transaction
interdependence creates vulnerabilities. When it comes process, this failure could impact your bottom line
to the performance and availability, it’s important to right away.
monitor the APIs that we depend on and the APIs that For example, if a key component of the checkout
we provide for others. process on your website is a location-based search
and you rely on a third-party API to provide the
search by location, when that API doesn’t work
correctly, your potential customers cannot
check out successfully.

APIs in Action 5
 WHITE PAPER

Or, imagine that you developed an application that What to monitor

requires authentication from a social media platform.
So now that you understand why it’s crucial to monitor
If the API for that social media platform goes down,
API performance, you also know that you should
your users might not be able to log into your system.
consider both:
As a developer or a site owner you may decide that the
• APIs that your website or native application relies
benefit of relying on the third-party service outweighs
on for critical data or processes, and
the risk of these types of failures. In order to accurately
assess the risk and have visibility into the impact of • APIs that you manage that customers, end users or
these services over time, it’s crucial that you monitor developers rely on for data or processes.
the part of your site’s user flow that relies on an API.
When monitoring both of these types of APIs, it’s
If you have an open API that you’ve made available
important to test:
to partners or developers, then you have a
responsibility to ensure that the API is available • Availability: Is this API endpoint up? Is it returning
and working as expected. an error?

Or, let’s say that you’ve developed a new internal • Response time: How quickly is the API returning
API that passes order data from a mobile device responses? Is the response time degrading over
to a system in your product warehouse. Maybe it’s time? Is the response time worse in production
critical that the data passes to the warehouse within than in pre-production?
two minutes, or the entire production schedule will • Data validation: Is the API returning the correct
be off. When you developed the API and tested it in data in the right format?
staging it always passed data successfully within • Multi-step processes: Can I successfully save and
one minute, but when you launch the API and start reuse a variable from this API? Does authentication
processing real requests you notice that the real work as expected? Can I complete a transaction
response time is creeping up closer and closer to with data from this API?
that two-minute threshold. Without active monitoring
on the API in production, your team might assume These are just the basic concepts that your team
that the developed API is fast enough based on should be looking for when it comes to monitoring API
pre-production tests. performance. In the next section we’ll cover how to
technically implement monitoring for APIs and what
types of features are important to build out robust,
Note: If you host an API that other people rely on,
flexible performance tests.
be sure to actively monitor that API in both pre-
production and production environments.

Whether it’s to keep tabs on your own APIs or see

the impact of external services that you rely on, it’s
important to monitor APIs for availability, functionality,
speed and performance. If you know you have an API
that’s been unreliable in the past and you’re not actively
monitoring that API, start the conversation with your
team and develop a plan to begin monitoring that
API today.

APIs in Action 6
 WHITE PAPER

CHAPTER THREE

How to Monitor APIs

If you have access to an external, proactive monitoring Some developers may also implement custom
system, monitoring a response from an API for request headers with custom names. It’s common
availability can be pretty simple and easy to execute to see custom request headers with a prefix of “X,”
with basic uptime or ping-type checks. Define the for example: X-Http-Method-Override could override
protocol or put in an endpoint, set the test to run the request method from something like POST to
frequently from locations around the globe, and alert another method like PUT or DELETE.
on bad response codes or latency.
But what if you need to monitor more than availability? Request headers in API checks
There are a number of key features that your monitoring Splunk’s API Check helps us monitor the availability,
solution will need to provide in order to fully test API response time and data quality for transactions with
transactions. These are components of typical API APIs. With an API check, we can set request headers
requests that you will need to configure in your tests with each request as part of a transaction.
beyond, “What endpoint should I hit?” Consider a scenario where we need to POST username
and password credentials to access some information.
Request headers Then once we’re logged in at that endpoint we need
Depending on how a site or application works, request to store and set a session ID in order to pre-populate
headers may be a critical part of requirements for other components specific to our session.
an active monitoring test’s configuration in order to When building the steps for an API check, we can click
effectively simulate a transaction. For example, if we + Add a Request Header to supply one or more headers
need to actively test the way that a checkout process at each request step.
works when a visitor is cookied, then we’ll need some
way to set that cookie with a Request Header when we
build an active test on that transaction.
When we talk about request headers, we’re referring
to fields passed along in the header sections of HTTP
requests. Request headers can include rules and
settings to define how an HTTP transaction should
operate.
There is a standard set of supported request header
types that have specific names and purposes. Some
common examples of request headers would be:
• Authorization: Send credentials for basic HTTP
authentication to give permission for access. In the example above, we’re using Splunk’s API check to:
• Cache-Control: Tell the browser how long a 1. Make a request to POST a username and password
resource is eligible to be cached and reused. to an endpoint to log in.
• Content-Type: Tell a server the MIME type of the 2. Extract a session ID from the response body using
body of a request so that the server knows how to JSON path and save that ID as a variable that can
parse the data. be reused in future steps.
• Cookie: Set a cookie to be stored in the browser so 3. Make a request to POST to a different endpoint
we can track state or sessions. with the Session-id in the request headers.

APIs in Action 7
 WHITE PAPER

We could continue to add more functional steps to this When using any type of direct authentication, it’s
transaction or add an Assert step to confirm that the important that you also use SSL/TLS or
session ID is set as expected. https:// at the start of the API endpoint URL. Using
SSL/TLS will ensure that the HTTP basic authentication
Handling authentication credentials or API keys aren’t exposed in the URL.
In the above example we used request headers to Interested in learning more about SSL/TLS and how
send over a username and password for authentication. to optimize for performance? There are a number of
Let’s take a minute to focus on the security aspect excellent articles on the Zoompf blog.
of APIs and how we can consider this as we build
performance tests. HTTP basic authentication
Authentication for an API defines who has permission If you are using basic authentication to secure your
to access secure data or endpoints. This is especially APIs, it’s super simple to include that authentication
important for APIs sharing sensitive information, APIs when configuring an external monitor to check for
that allow end users to make changes, or for companies API performance.
that charge some cost for accessing data via API. And
The most common and reliable way to set up a
while securing an API for an individual human end user
monitoring request with HTTP basic authentication
is one undertaking, there are additional considerations
is to go ahead and encode that username:password
as we authenticate systems for an increasing number
value in base64 and send that value over in an
of non-human entities.
authorization header:
As APIs become more secure, proactive monitoring
systems are adapting to make it possible to access
secure systems externally.

Direct authentication
A good example of direct authentication is HTTP basic
authentication. HTTP basic authentication is a standard
part of HTTP, and it can be used for API endpoints
or any HTTP URL. You simply send a username and It’s important to note that while it’s easy to encode
password — encoded together in base64 — as usernames and passwords into base64, it’s also
part of your request to the API. The benefit of HTTP very easy to reverse or decode so that a system can
basic authentication is that it’s easy to implement authenticate a request. You can try this yourself with an
and is typically included in standard frameworks. On online base64 encoder/decoder. Because base64 is so
the downside, HTTP basic authentication offers no accessible, it’s important to protect this type of direct
advanced options and may be easily decoded. authentication with SSL/TLS.
Another example of direct authentication
would be using API keys or tokens. API keys
are just a long string of hexadecimal digits, i.e.
34d83d84f28d146aeae0e32f7803c88d, that
can be sent instead of a username or password to
authenticate access to an API endpoint. API keys
are essentially the same as a set of username and
password credentials, but they provide a layer of
abstraction that is useful. For example, multiple end
users could share a single API key.

APIs in Action 8
 WHITE PAPER

API keys bring her back in a few minutes.” That would be similar
to direct authentication in the sense that I’m giving the
From a monitoring standpoint, it’s fairly simple to
car key directly to you based on your name.
replicate the process of hitting an endpoint with an API
key in the URL or with request headers. Supply the key Now imagine that I’m selling you a luxury vehicle from
and just remember that if it ever changes you’ll need to a dealership. You meet me at the dealership and give
update your monitoring test’s configuration as well. me your driver’s license. I don’t have one key that will
work for all of the cars on the lot. I have to take your
driver’s license and use it to register your information
to a computer system that will verify that you’re an
upstanding gentleperson. This will then unlock a box
where I can take out a key that will only work for the
vehicle you’re now registered to test drive. This is
similar to a ticket-based system in the sense that I’m
relying on a centralized system to distribute a key that’s
now connected to you through the ticket.
OAuth, Kerberos, single sign on and webforms are all
Note that different systems may accept API keys in
examples of ticket-based authentication systems.
different ways — for example, as part of the POST
You may even develop your own custom authentication
data instead of as a request header — so check with
system. While there are many different ways to
the API you are monitoring to understand how to
implement this type of protocol, most ticket-based
properly transmit the API Key.
systems share a similar structure in the sense that
you first make a request for a ticket or a token and then
use that ticket or token to access secured data
Ticket-based authentication or endpoints.
While there are certainly some conveniences to The tickets in ticket-based authentication systems look
implementing direct authentication, we may need very similar to the API keys we discussed above. One
to add an additional layer of security to our APIs. main difference is that the tickets are ephemeral. They
Ticket-based authentication systems rely on central are only valid a short period of time and can be easily
authentication servers that act as intermediaries, revoked, which provides an extra layer of security.
accepting credentials from end users and then sending
back tickets, tokens or keys that allow the specific end
Monitoring with ticket-based authentication
user to access only specific secured data. Ticket-based
authentication is ideal for any scenario where you’re In order to effectively monitor an API that uses ticket-
protecting sensitive information, allowing an API to based authentication you must be able to complete
create objects or make changes or if you’re charging multiple steps and save the ticket or token in a variable
some cost for use of your API. that can be reused in future steps.
A simple example of this would be to make a request
Understanding ticket-based systems with a username and password and some type of
specification in the header, then retrieve a token from
We might think of ticket-based authentication as similar
the system, save that token as a variable and then
to how we might obtain keys to test-drive vehicles.
make another request to an endpoint with that token
Imagine that I’m selling my junker of a car on Craigslist. as a header.
You meet me at the local diner so you can give my car a
test drive. You show me your driver’s license. I say, “Hey!
You seem to be this nice person who I just met online. I
trust you absolutely. Here’s the key. Give her a spin and

APIs in Action 9
 WHITE PAPER

If you’re not already implementing some authentication In the example that follows we’re using a Splunk API
for your API, it’s critical that you start doing so to Check to:
protect your data and your systems. And, as you 1. Make a request with an API key to Splunk API’s
increase security make sure that your external endpoint for real browser check data.
monitoring systems also have the permission and
2. Assert that the response code contains the
ability to monitor the performance and reliability
value ‘200.’
of your system. If you’re only monitoring your API
performance on the application side, you could miss 3. Extract the check ID from the JSON using
all sorts of connectivity problems preventing your end JSON path.
users from accessing data or making changes through
your API.

Monitoring and validating data

When we’re monitoring a website in a browser we want
to go beyond checking the response code and confirm
that some content or images load on the page. If the
page returns a “200 OK” but it’s completely blank,
that’s something we’ll want to investigate right away.
The same concept applies when we’re monitoring API
endpoints. When monitoring API endpoints we want to
not only confirm that the response code is expected
but that the right data comes back in the right format,
too. Let’s walk through a simple use case for how to use
basic Extract and Assert options to validate that an API
returns data in the correct format.
4. Assert that the check ID extracted from the JSON
A data validation example path is the expected value. This very simple user
flow helps us test:
Splunk Optimization has an open API that Splunk
users rely on to regularly pull data for reporting. It’s • Availability: The check will fail if the API returns a
important that when a Splunk user hits the endpoint for response code that’s not 200 OK.
their check with an API key that we return a “200 OK” • Data Format: If the data comes back from the
response code and the data set for the correct ID that API in a format other than JSON then the step to
matches the endpoint. extract a value using JSON path will fail the check.
We can create an external, synthetic test to hit the • Data Quality: If we’re able to extract a value for the
check endpoint at a set frequency from multiple ID but it doesn’t match the expected value, then
locations and confirm that: the assert step will fail the check.
1. Response Code = 200, and
For example, if we receive an alert that our external
2. The check ID included in the JSON output
monitor was unable to extract the check ID in JSON
matches the URL endpoint we’re hitting.
we would want to visit our alert and inspect the output
or response body from the API endpoint. By looking
at the response body we could quickly see whether
the format was incorrect or whether the id value was
missing from the output. This information would help us
start troubleshooting right away.

APIs in Action 10
 WHITE PAPER

This is just one simple example of how to implement strategy is to write tests in a way that allows a system
robust monitoring for an API. If your current API tests to call an API and not receive data.
only monitor for response code and response time, When writing code with lots of local calls, a wrapper
it might be time to consider adding some additional that calls to an external API often goes unnoticed with
criteria for data format and quality. the context of an application. If your test is designed
to alert when no data is present, this will help make
Write performance tests to assume failure sure you don’t miss critical errors. Remember to make
So far we’ve looked at how to monitor with request your code resilient so that when it receives an error
headers, authentication and data validation in mind. message, mangled data or no response at all, it will
When it comes to writing performance tests, one continue to function.

CHAPTER FOUR

Monitoring for SLAs

Earlier we touched on the vulnerabilities that arise from And one party might be entitled to a credit, refund,
interdependent systems that must pass data back or freedom to back out of a contract depending on
and forth on the web. As more and more applications whether those SLAs are met and upheld.
are structured on top of third-party APIs it’s critical to For example, let’s imagine there’s a ride-sharing web
businesses that partner APIs perform quickly, safely, app that relies heavily on data from a third-party that
securely and reliably. specializes in mapping. When this ride-sharing web app
Businesses have developed a way to manage this risk, agrees to work exclusively with one excellent mapping
and we typically refer to these contracts as “SLAs.” provider, that mapping provider may guarantee, “Your
ride-sharing app will have access to our map data
What is an SLA? 99.99% of the time and we will notify your team at
least three weeks in advance of upcoming planned
A service-level agreement (commonly called an SLA)
maintenance.”
is an agreement between two parties about what
services will be provided from one party to another. In a The team managing the ride-sharing web app might say,
broad sense this agreement could include any number “Nice! That sounds like a great deal. Our users tolerate
of services — everything ranging from custom support some glitchiness and they never complain about it on
replies times to product delivery. Twitter, so 99.99% uptime is more than enough. Three
weeks is plenty of time to let our customers know
Often when SLAs are established between two
about upcoming downtime. We agree to the terms, but
technology or software providers, the agreement will
if your API is available less than 99.99% of the time we’ll
outline both:
need to be refunded in full.”
• Availability: What uptime percentage can be
Everyone signs on the dotted lines and shakes hands
guaranteed by the partner? How much time in
and the ride-sharing web app builds a new feature that
advance is required to notify a partner of planned
hooks to pull data from the mapping provider’s API.
downtime or maintenance?
• Responsiveness: How quickly can my system
expect reply times from a partner’s system?

APIs in Action 11
 WHITE PAPER

How to ensure that you’re upholding your SLAs With the proactive data that simulates real end users
interacting with our mapping system we can:
As business owners for the mapping provider we might
say, “Hey, we need some data to get ahead of issues so 1. Get ahead of performance issues before they
that we can make sure that we’re upholding our end of affect our real users, and
the bargain. And, it would be nice if we could share that 2. Share reports with our partner to demonstrate that
data publicly with our partners at the ride-sharing web our uptime is exactly what we promised.
app so they know they can trust our service.”
We could rely on the internal monitoring of our
application, but that might only give us part of the
picture. How do we know whether our map data
is available from our API to the end user outside of
our system? How do we confirm that data isn’t just
available but in the right format?
We can build a synthetic, external monitor to test
pulling data from our own API and put alerting in place
so that our engineers know right away if there’s any
type of issue that might be putting us close to breach
of our agreement.

How to enforce SLAs with your partners

As business owners of the ride-sharing web app we
may say, “Hey, that’s nice that you’re giving us these
reports, mapping provider friends, but we really need to
do our own due diligence and compare some external
The example above shows an alert from an API check in data to your reports.” We could use external API checks
Splunk Synthetic Monitoring. to monitor the performance of the mapping API and
confirm that the mapping API is in fact up 99.99% of
the time.
In the event that we see availability fall under the
SLA or if we see prolonged downtime that wasn’t
communicated three weeks in advance, we could use
our reports to start a conversation with our partner
about rectifying the breach of the agreement. We may
also use API checks to better understand how issues
with our partner’s API might affect our real users.

APIs in Action 12
 WHITE PAPER

API checks can be used by partners on both sides

of service-level agreements to confirm that the Remember: API checks can be used to monitor
agreement is being met according to the terms. For API both availability and responsiveness. Any use cases
owners, proactive monitoring can help you catch issues we build for API checks should match our SLAs. If
before they impact your partners and empower you our agreement is based on availability alone, we can
with reporting that’s easy to share with your partners. configure a check to simply hit the end point and
For API end users, proactive monitoring can alert you then rely on the uptime %. If our agreement is based
of third-party issues affecting your users and also help on how quickly an API returns data, then we can build
offer an extra level of confidence that your partners are a multi-step check that pulls data from the API and
upholding their agreement. then compare the average response time to
In the example that follows we can see a multi-step our agreed standards.
API check on the mapping provider’s API that confirms
that data falls in an expected range and tracks the
availability of these requests.

CHAPTER FIVE

Splunk’s API Checks

At Splunk we’ve developed a framework for perfor- Splunk’s API checks are built upon four simple
mance tests that can help businesses understand concepts:
whether APIs are performing as expected. 1. Making HTTP requests
With API checks we can:
2. Extracting data from responses
• Track the availability of critical APIs.
3. Saving data for use in additional requests
• Capture and trend an API’s response time. or analysis
• Ensure API functionality by validating the API’s 4. Making assertions about data and its format
response values and structure.
The components are simple, but powerful. Like a
• Alert on any conditions indicating a broken or
fractal, sometimes beautiful and complicated things
poorly performing API, allowing teams to get ahead
can be made by arranging the most basic building
of issues before they affect users or breach SLAs.
blocks. Splunk’s API check uses simple pieces that
can be assembled together for test cases capable of
monitoring and verifying some of the most complicated
API flows.

APIs in Action 13
 WHITE PAPER

Engineers worked closely with customers during the Takeaways

development and beta testing of the API check to make
Do you have an application dependent on first-party
sure this simple approach would make the check easy
or third-party APIs? Do you provide data to your
to understand while covering customer needs. One
customers via an API? Do you need great transparency
of our beta testers was a company called Lookout,
into the availability, functionality, and performance of
a leader vendor of mobile security solutions. Here is
an API? The answer to any of those questions is the
what Dean Ross-Smith, a Cloud Operations Engineer at
new API check for Splunk Synthetic Monitoring. To
Lookout, had to say:
learn more about Splunk’s web performance products
“The flexibility of Splunk’s new API Check allowed or have a demo, contact us today.
Lookout to configure a check and monitor a critical
piece of infrastructure. We weren’t able to do this
before with other solutions.”

Designed with businesses in mind

Whether an API is powering a web property, a mobile
app or even the core infrastructure of your business,
Splunk’s API check ensures that API is available,
performing and functional in ways that users of any
technical level can understand.
Here are just a few of the business needs that our API
check can solve:
• Testing complex, multi-step API flows
• Monitoring availability and response time from
geographies around the world
• Tracking and enforcing performance SLAs of
third-party APIs
• Verifying correctness of API responses
• Testing the entire CRUD lifecycle of a data object
via an API
• Handling complex token-based API
authentication systems
• Monitoring application status pages

To get the full details and technical walk through, read more about API Check on Splunkbase.

Learn more: www.splunk.com/asksales www.splunk.com

Splunk, Splunk>, Data-to-Everything, D2E and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.
All other brand names, product names or trademarks belong to their respective owners. © 2021 Splunk Inc. All rights reserved. 21-16715-SPLK-APIs-In-Action-TWP-106