The emergence of API Gateways have created a new and equally important market for functional API monitoring. This is due, in part, to the fact that mission critical APIs require a proactive approach to monitoring as opposed to a reactive approach. Being proactive means catching the problem before it is reported by the consumers. But if we have followed the API-led paradigm to create our Mule apps, how can we make sure all the API layers and connectors are healthy? Let’s break down the ideal method for configuring Mule 4 applications for functional monitoring.
Overview
Our example will use API from each layer of API-led approach: Experience API (EAPI), Process API (PAPI), and System API (SAPI). The SAPI will connect to two imaginary data stores: file system and database. All the layers are interconnected and will be invoked by Anypoint Platform’s functional monitoring feature.
Anatomy of the Silverline API Healthcheck
Let’s take a look at the RAML for “Silverline Helloworld Experience API.” Notice that there are three resources: ping, healthcheck, and greeting. Invoking “/greeting” will return a static response of “Hello World,” so it is not interesting. Ping, as the name implies, will be used by the monitoring app or possibly by the load balancer to check immediate health of the app. Even if you decide not to implement “/healthcheck” resource, “/ping” should be part of every Mule app. Lastly, invoking “/healthcheck” will return status for all of the app’s dependencies by invoking “/ping” on all of its dependent APIs (see example in the RAML below).
Alternatively, you can invoke a resource that hits every dependent resource, but this usually means multiple calls with business data (we should also be wary of response size) so it is not ideal for a healthcheck.
Under the hood
Let’s take a look at the flow for healthcheck. Scatter-Gather is used to call multiple endpoints simultaneously, then the results are compiled in Dataweave.
One caution I might add here is — don’t forget to set the timeout value for Scatter-Gather. If one of the dependent APIs does respond, Mule will default to the system timeout of three minutes when the Scatter-Gather timeout is not set.
Bypassing security
In most cases, applying security to healthcheck/ping resources is not ideal. When configuring the security policy in API Manager, use the resource filtering shown above so that policy is enforced on the resources with business data only (“/greeting” in this case) as shown below.
Putting it into practice
API monitoring should not be an afterthought to be implemented after deployment. It should be implemented in design phase and considered one of the most important non-functional requirements for any API project.
The Silverline-Helloworld-EAPI is available on Github for your use.
Be sure to check out our MuleSoft solutions to see what Silverline can do for you.
