The API Check provides a flexible way to check the functionality and performance of API endpoints. The shift toward API first development has magnified the necessity to monitor the back-end services that provide your core front-end functionality. Whether you're interested in testing the multi-step API interactions or you want to gain visibility into the performance of your critical web-services, the API Check can help accomplish your goals.
2. Agenda
Introductions
Overview Of Rigor & Performance for (insert company name here)
What Can I Test with API Check?
API Check Introduction
In-App Overview
Deep Dive Into API Check
Example API Check
Appendix
3. Monitor
Alert
Trend
Optimize
Rigor’s Value To (insert company name here)
What is Rigor?
Advanced web performance monitoring tool that provides real–time data on
how sites are performing and diagnoses issues that cause poor performance.
4. (Insert Company Name Here) goals
• Enable each brand to “self-serve” for front-end
performance testing including:
• Investigating alerts
• Identify issues
• Analyze performance data
• Consistent service experience
5. What Can I Test with API Check?
• Availability and performance of individual API endpoints
• Verify your API endpoints are returning the correct data
and response codes
• Transactional API workflows with variables and dynamic
data inputs
• Trigger alerts based on any part of an HTTP request or
response
6. API Check Introduction
API Checks provide a flexible way to check the
functionality and performance of API endpoints.
API Check Steps
• Request – makes a HTTP request to some endpoint and collects data
from that interaction
• Assert – makes an assertion on two values
• Save – stores some data to be reused later in the check
• Extract – extracts data out of formatted data (JSON, XML, HTML)
• JavaScript – runs custom JavaScript code
9. Request Step
Makes a HTTP request to some endpoint and collects data from that
interaction. All HTTP requests are configured within request steps.
Request Methods:
• GET
• HEAD
• POST (can send post data)
• PUT (can send post data)
• DELETE
Headers – A ‘Request’ can have multiple
headers
Failures – Non-200 level response codes
do not automatically fail a request step*
* Requests are only considered failures when the
request/response cycle cannot be completed. Use ‘Assert’
step to validate response code.
11. Assert Step
Makes an assertion on two values. To make an assertion, supply
two parameters along with the comparison that you would like to
perform between the two.
Comparisons – We currently
support 2 types of
comparisons: string and
numeric.
Failures – An ‘Assert’ step will fail if the
assertion is false when the step is run.
13. Save Step
Stores some data to be reused later in the check. To save data,
supply the source and the name of the custom variable to save to.
Source – can be selected
from the presets, including
response headers, or by
providing a custom value.
Failures – A ‘Save’ step never fails.
15. Extract Step
Extracts data out of formatted data. Right now, Rigor’s API Check
supports JSON, XML, or HTML data.
To extract data, supply 3 things:
1. Source containing JSON, XML,
or HTML
2. Expression to extract data
3. Custom variable name
Failures – An extraction will fail if
there is not a single result.
A result is a JSON Primitive.
Note: this means that the step will
pass if the extraction returns a
single JSON object or array.
16. Step Type
Data Format
(JSON, XML, HTML)
Custom Variable Name
Source
Custom Variable
Reference
Extraction Expression
17. Javascript Step
Runs custom JavaScript code. Enables access to variables and
computations, allows return data to be saved as new variables.
Sample Use Cases:
1. Validate API Functionality
with Logic
2. Transform or Modify Data
Between API Check Steps
3. Dynamically Update Test
Data
Failures – A JavaScript step will
fail if there are any errors in the
JavaScript code.
19. API Check allows variables in most fields. A variable consists of two
parts, the namespace and the variable name. To use a variable in a
step, surround the variable with {{ and }}.
Variables
API Check has 4 different variable types:
• Built-in variables – initialized at the beginning of the check before any
steps have run. Remain constant within a run but change between runs.
• Request variables – updated after every request step.
• Custom variables – created by the user.
• Global variables – defined in a single place and reused across checks.
25. API Check – Failed Run
Date, Time,
Location, IP Address
Alert Description
Who was notified?
Response Time
Nslookup
Traceroute
26. API Check – Failed Run (continued)
cURL Request
Output
Request
Headers
Response Body
Response
Headers
27. API Check – Test check
When creating or editing an API Check, it is important to be able to
test the configuration. API Check allows tests from any location
Debugging Information on
Edit Screen
28. Example API Check – overview
This API check example uses the Spotify API to demonstrate the
following functionality:
• Authentication (Request, Assert, Extract)
• Search (Request, Assert)
• Pull Data (Extract, Request, Assert)
• Manipulate Data (Extract, JavaScript)
29. Example API Check – authentication
Global Variable
Request Body Parameter
Endpoint
Check Request Success
Extract Access Token
30. Example API Check – search
Endpoint
Response Time Check
Custom Variable Reference
31. Example API Check – pull data
Endpoint
Custom Variable Reference
Extraction Expression
Custom Variable Name
32. Example API Check – manipulate data
JavaScript Code
Custom Variable Name
Validate Result
33. API Check – Resources
Technical Resources
Rigor Knowledge Base
• http://help.rigor.com/api-check/
JSONPath Introduction
• http://goessner.net/articles/JsonPath/
JSONPath Expression Tester
• https://jsonpath.curiousconcept.com/
API Background Information
What is an API? A Brief Intro
• http://rigor.com/blog/2016/05/what-is-an-api-a-
brief-intro
Why Monitoring APIs is Important
• http://rigor.com/blog/2016/07/why-monitoring-
apis-is-important
Best Practices for Monitoring an API
• http://rigor.com/blog/2016/07/best-practices-
monitoring-an-api
35. Help Resources
Rigor Knowledge Base
• http://help.rigor.com
Rigor Support Channel
• In App: Intercom widget
• Email: support@rigor.com
Rigor Blog
• http://rigor.com/blog
36. ALERTs Overview
How can you be alerted in Rigor?
• Email, Phone Call, Text (SMS),
Custom Webhook
What information is contained in
a Rigor alert?
• Check Name (hyperlinked to check
in Rigor)
• Cause of failure
• Who was notified
• Time & Location of failure
• Link to related run and check history
37.
38.
39. Reports Overview
Configured to deliver via email on schedule (weekly)
• Table with performance data
• Check names link to app
• Link to Custom Report
Performance metrics included:
• Uptime
• Load Time
• Failure Count
Editor's Notes
Monitor and Trend performance of key user flows & pages from the end user perspective
Alert when your site’s performance degrades
Optimize the specific defects that are causing the degraded performance automatically
**And how often for each thing?**
(1) User flows you care about
(2) Third party services (if possible)
Best practices:
How long should tests run?
Can you run too many tests?
How frequently to run tests?
In the example, we are sending JSON payload via a POST request. We are also setting the Content-Type header to indicate that the payload is JSON.
Supported HTTP Methods:
GET
HEAD
POST (can send POST data)
PUT (can send POST data)
DELETE
In the example, we make a request and then make three assertions. The first two assert steps claim that the response code is between 200 and 299 inclusive. The final step asserts that the response body contains the string I'm feeling lucky.
Parameter 1:
Response Body
Response Body Size
Response Code
Response Time
DNS Time
First Byte Time
Response Headers
Custom
Parameter 2:
Specify a string or numeric value
Source:
Response Body
Response Body Size
Response Code
Response Time
DNS Time
First Byte Time
Response Header
Custom
In the example, we save an API key in the first step. The key is then reused in subsequent steps. This allows us to do some setup at the beginning of the check, and if the key ever changes we only have to change in one place per check.
Some additional use cases are appending bits of information to easily reuse in other steps and saving the results from one request to be reused after another request is made.
Source:
Response Body
Response Body Size
Response Code
Response Time
DNS Time
First Byte Time
Response Header
Custom
In this example, we visit a site with a request step, and then extract data out of the response body. We use the JSONPath Expression ‘$..entries[0].link’ to pull out the link from the first entry in the response. The result is stored in the ‘custom’ namespace in the variable named ‘rigor_url’. This is accessed in the next request step as ’{{custom.rigor_url}}’. If you would like to test out a JSONPath expression against JSON, there is a handy JSONPath Expression Tester (see below).
Source Types:
Response Body
Response Header
Custom
JSONPath Resources:
General Info: http://goessner.net/articles/JsonPath/
JSONPath Expression Tester: https://jsonpath.curiousconcept.com/
Page Contains:
Check Name
Status and last response time
Frequency and Locations
Daily/Weekly Response Time and Uptime trends
Performance History
Filter/segment by location, segment by time frame
Run Count, Errors, Uptime, Average Response Time, Slowest/Fastest Time
Page Contains:
Date, Time, Location, IP Address (of failure)
Alert Description, Associated Step
Who was notified?
Response Time
Alert Diagnostics
Nslookup: https://en.wikipedia.org/wiki/Nslookup
Traceroute: https://en.wikipedia.org/wiki/Traceroute
Coming soon: Verbose output (recommended)
Page Contains:
Request Logs: cURL Request text output
Request Information: Request Headers, Request Body
Response Information: Response Headers, Response Body
Technical Resources
http://help.rigor.com/api-check/
http://goessner.net/articles/JsonPath/
https://jsonpath.curiousconcept.com/
API Background Information
http://rigor.com/blog/2016/05/what-is-an-api-a-brief-intro
http://rigor.com/blog/2016/07/why-monitoring-apis-is-important
http://rigor.com/blog/2016/07/best-practices-monitoring-an-api
Knowledge Base: detailed articles to help you get started with Rigor and helpful How To? tips
Rigor Support Channel: channel to contact Rigor’s support team
Rigor Blog: repository of industry related blogs, new feature releases, and helpful performance tips
Alert delivery configured on user level: https://monitoring.rigor.com/admin/users_and_groups- Under ‘Receive Notifications By’ heading, select Email, Phone, Text (SMS)
- Knowledge Base: http://help.rigor.com/learn-more/user-settings.html
Check level notification settings: Select primary User or Group to receive alerts for a particular check. (first line of defense)
Add alert escalations in case primary user does not acknowledge initial alert
Knowledge Base: http://help.rigor.com/how-to/escalations.html
Custom Alert Configurations
- Knowledge Base: http://help.rigor.com/learn-more/configuration-templates.html
Custom Reports found here: https://monitoring.rigor.com/custom_reports
Can select which checks to include using tags (e.g. pick only checks from your brand)
Can send to groups, users or email addresses
Knowledge Base: http://help.rigor.com/how-to/custom-reports.html
http://help.rigor.com/how-to/email-schedules.html