Welcome!

@CloudExpo Authors: Ed Featherston, Yeshim Deniz, Elizabeth White, Liz McMillan, Kevin Benedict

Related Topics: @CloudExpo, Cloud Security, @ThingsExpo

@CloudExpo: Blog Feed Post

Five Ways to Safeguard Your Application from Third-Party API Outages By @webcodepro | @CloudExpo #Cloud

There have been a number of high-profile API outages in recently that caused some well-known websites & applications to go down

Five Ways to Safeguard Your Application from Third-Party API Outages
By Janet Wagner

The Internet of Things (IoT) is growing at a rapid pace with millions of new devices getting connected every day.

Gartner forecasts that 6.4 billion connected things will be in use in 2016 and by 2020, the number will reach 20.8 billion. Billions of devices including smartphones, laptops, cars, watches, refrigerators, and even thermostats are all getting connected thanks to APIs. Many of these devices are part of a larger application ecosystem, connected to the cloud and each other using the same APIs.

There have been a number of high-profile API outages in recent months that caused some well-known websites and applications to go down. With so many devices and applications using many of the same cloud services and APIs, one outage can potentially take down entire application ecosystems. While it may not be possible to completely prevent an API outage from taking down your website, web or mobile application, it is possible to take steps to reduce the impact of a third-party API outage.

Web Service Outages
Twitter experienced a major outage for about an hour on January 19, 2016 which caused the Twitter website and applications to malfunction for users worldwide.

Twitter Outage

Application ecosystems are getting larger and more complex with each passing day. While API providers do their best to ensure API availability, outages do still occur from time to time.

Consider the following examples:

  • On January 26, 2015, both the Facebook and Instagram API servers went down for about an hour taking down Facebook and Instagram. The outage also impacted a number of well-known websites including Tinder and HipChat.
  • On September 20, 2015, Amazon Web Services (AWS) experienced a brief disruption that caused an increase in faults for the EC2 Auto Scaling APIs. Within the same month, the Facebook Graph API went down briefly on three separate occasions. Facebook is considered a very reliable service so the fact that Facebook suffered from three outages in the same month was widely reported.
  • On January 19, 2016, Twitter experienced a major outage that impacted many of the websites and applications using Twitter APIs. The API outages caused the Twitter website and applications to malfunction for users worldwide for about an hour.

API outages aren't limited to the large scale APIs like those experienced by giants like Facebook and Amazon. And if you have an application that is dependent on external APIs to perform a critical function, you need to have a plan for dealing with disruptions.

There are a number of solutions that developers can use to prevent API outages from negatively impacting a website or application.

1. API Virtualization
API virtualization
is a process that makes it possible to create a virtual copy of an API capable of emulating the same functionality and performance of a production API. API virtualization can be used to create a virtual sandbox for integration, scenario, load, and performance testing of internal and third-party APIs. Unlike service virtualization, a process that mimics an entire system, API virtualization only emulates the API which is considerably less expensive, easier to implement, and less time consuming.

"It's all about time and cost. API virtualization, beyond simple service mocking, provides technical teams a frictionless way to reduce delays in development and testing. Lightweight, virtual APIs empower teams to simulate errors, network latency and congestion, and even stand up API sandboxes," said Paul Bruce, API team product manager at SmartBear. "These ‘virts' (as the folks at SmartBear call them), allow you overcome third-party downtime, safeguard you from running over subscription limits, and even help to simplify versioning and release logistics."

Using API virtualization tools like ServiceV Pro, developers can test third-party API integrations by mimicking errors, server, and network behavior.

Matti Hjelm, product owner at SmartBear, said that "ServiceV works from two angles: both from the dev perspective to quickly create APIs for own use or for others to use; and for testers to have something to test against. This will truly speed up the build and deploy workflows dramatically."

API virtualization can help developers anticipate how specific third-party API outages will impact their application allowing them to plan for outages before moving the application to general availability.

2. Synthetic and Real User Monitoring
Synthetic Monitoring

Synthetic monitoring
is a script or tool that is capable of monitoring various aspects of APIs, web and mobile applications. Synthetic monitoring effectively "simulates users" monitoring the paths that users may take while using an application. Synthetic monitoring can help developers discover problems with an application before users do. Using synthetic monitoring, developers can find out:

  • How well the website/application performs from specific geographic locations.
  • How long it takes web pages to load.
  • How an outage or slowdown will impact users.
  • How well third-party scripts and APIs are operating.
  • How well transactions are performing.
  • How new features will impact performance and speed.

These are just a few of the things that developers can learn about an application by using synthetic monitoring.

"On the production side, synthetic API monitoring provides critical visibility into how your APIs perform under real conditions, prove uptime and availability, and split out important layers of your user experience so you can involve the right people to quickly resolve problems when they arise," said Bruce.

Real User Monitoring
Real user monitoring (RUM
) is a script or tool designed to monitor and analyze all user transactions of a website or application. RUM is based on the traffic of actual application users, not virtual or simulated users like synthetic monitoring. RUM shows how users are interacting with an application, providing metrics that reflect the user experience (UX).

RUM can be used to monitor and capture a wide variety of web and mobile application metrics including load time, speed, errors, transaction performance, availability, and more. Problems with third-party APIs can impact the speed and performance of a website or application. There are RUM tools that can send automatic alerts in the event of a problem such as an API outage or application slowdown.

Products like AlertSite can be used for RUM monitoring as well as for synthetic monitoring of APIs, web and mobile applications.

3. A/B Testing
A/B testing is a method of testing in which two variants of a web page or application are compared to each other. For example, two versions of an application; one that includes a third-party API and one that does not, would be compared to see how that API will impact application speed and performance. A/B testing tools use data and metrics to determine the positive or negative impact of specific changes made to web pages or applications.

4. Asynchronous Scripting
Asynchronous scripting helps web pages render faster by allowing the main body of content to be loaded without having to wait for all of the external scripts to load. Without asynchronous scripting, users must wait for all of the external scripts to load first before they can view the main content of the web page. If a problem with a third-party script or API occurs, asynchronous scripting allows the body of content to be loaded despite the problem.

Many API providers offer APIs via JavaScript SDKs with code that is asynchronous by default. Third-party JavaScript APIs and code snippets that are not already asynchronous can be loaded asynchronously. In HTML5 for example, external JavaScript files can be loaded asynchronously using the async tag:

<script async src="script.js"></script>

5. Caching
Caching API responses allows API data to be stored on your website server instead of relying on the third-party server for every API call. Caching helps prevent an application from being impacted by third-party API outages because data is pulled from a local cache file instead of directly from the API server. Caching scripts are available in PHP, Python, and many other languages.

Conclusion
This article covers only a few of the steps that can be taken to safeguard your application from third-party API outages and errors.

Limiting the number of APIs your application uses, using well-designed APIs from reputable API providers, and using a full-featured APM tool can also help safeguard your application from API outages.

With the number of connected devices and application ecosystems growing at such as rapid pace, it is more important than ever for applications to be safeguarded from third-party API outages and errors.

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

@CloudExpo Stories
Blockchain. A day doesn’t seem to go by without seeing articles and discussions about the technology. According to PwC executive Seamus Cushley, approximately $1.4B has been invested in blockchain just last year. In Gartner’s recent hype cycle for emerging technologies, blockchain is approaching the peak. It is considered by Gartner as one of the ‘Key platform-enabling technologies to track.’ While there is a lot of ‘hype vs reality’ discussions going on, there is no arguing that blockchain is b...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settle...
"IBM is really all in on blockchain. We take a look at sort of the history of blockchain ledger technologies. It started out with bitcoin, Ethereum, and IBM evaluated these particular blockchain technologies and found they were anonymous and permissionless and that many companies were looking for permissioned blockchain," stated René Bostic, Technical VP of the IBM Cloud Unit in North America, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventi...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, the cloud has become a defining competitive edge. Companies that fail to successfully adapt risk failure. The media, of course, continues to extol the virtues of the cloud, including how easy it is to get there. Migrating...
The need for greater agility and scalability necessitated the digital transformation in the form of following equation: monolithic to microservices to serverless architecture (FaaS). To keep up with the cut-throat competition, the organisations need to update their technology stack to make software development their differentiating factor. Thus microservices architecture emerged as a potential method to provide development teams with greater flexibility and other advantages, such as the abili...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed.
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
The use of containers by developers -- and now increasingly IT operators -- has grown from infatuation to deep and abiding love. But as with any long-term affair, the honeymoon soon leads to needing to live well together ... and maybe even getting some relationship help along the way. And so it goes with container orchestration and automation solutions, which are rapidly emerging as the means to maintain the bliss between rapid container adoption and broad container use among multiple cloud host...
Blockchain is a shared, secure record of exchange that establishes trust, accountability and transparency across business networks. Supported by the Linux Foundation's open source, open-standards based Hyperledger Project, Blockchain has the potential to improve regulatory compliance, reduce cost as well as advance trade. Are you curious about how Blockchain is built for business? In her session at 21st Cloud Expo, René Bostic, Technical VP of the IBM Cloud Unit in North America, discussed the b...
Imagine if you will, a retail floor so densely packed with sensors that they can pick up the movements of insects scurrying across a store aisle. Or a component of a piece of factory equipment so well-instrumented that its digital twin provides resolution down to the micrometer.
While some developers care passionately about how data centers and clouds are architected, for most, it is only the end result that matters. To the majority of companies, technology exists to solve a business problem, and only delivers value when it is solving that problem. 2017 brings the mainstream adoption of containers for production workloads. In his session at 21st Cloud Expo, Ben McCormack, VP of Operations at Evernote, discussed how data centers of the future will be managed, how the p...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory? In her Day 2 Keynote at @DevOpsSummit at 21st Cloud Expo, Aruna Ravichandran, VP, DevOps Solutions Marketing, CA Technologies, was jo...
"Since we launched LinuxONE we learned a lot from our customers. More than anything what they responded to were some very unique security capabilities that we have," explained Mark Figley, Director of LinuxONE Offerings at IBM, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
When shopping for a new data processing platform for IoT solutions, many development teams want to be able to test-drive options before making a choice. Yet when evaluating an IoT solution, it’s simply not feasible to do so at scale with physical devices. Building a sensor simulator is the next best choice; however, generating a realistic simulation at very high TPS with ease of configurability is a formidable challenge. When dealing with multiple application or transport protocols, you would be...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, provided a fun and simple way to introduce Machine Leaning to anyone and everyone. He solved a machine learning problem and demonstrated an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intelligence and B...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
In his general session at 21st Cloud Expo, Greg Dumas, Calligo’s Vice President and G.M. of US operations, discussed the new Global Data Protection Regulation and how Calligo can help business stay compliant in digitally globalized world. Greg Dumas is Calligo's Vice President and G.M. of US operations. Calligo is an established service provider that provides an innovative platform for trusted cloud solutions. Calligo’s customers are typically most concerned about GDPR compliance, application p...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.