this post was submitted on 19 Nov 2025
42 points (95.7% liked)

Programming

23542 readers
249 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

founded 2 years ago
MODERATORS
snowe@programming.dev
Ategon@programming.dev
MaungaHikoi@lemmy.nz
UlrikHD@programming.dev
42
What's the best way to monitor an API for breaking changes? (sh.itjust.works)
submitted 3 days ago by clay_pidgin@sh.itjust.works to c/programming@programming.dev
54 comments fedilink hide all child comments
 

I have a vendor that sucks donkey balls. Their systems break often. An endpoint we rely on will start returning [] and take months to fix. They'll change a data label in their backend and not notice that it flows into all of their filters and stuff.

I have some alerts when my consumers break, but I think I'd like something more direct. What's the best way to monitor an external API?

I'm imagining some very basic ML that can pop up and tell me that something has changed, like there are more hosts or categories or whatever than usual, that a structure has gone blank or is missing, that some field has gone to 0 or null across the structure. Heck, that a field name has changed.

Is the best way to basically write tests for everything I can think of, and add more as things break, or is there a better tool? I see API monitoring tools but they are for calculating availability for your own APIs, not for enforcing someone else's!

you are viewing a single comment's thread
view the rest of the comments
[–] clay_pidgin@sh.itjust.works 2 points 2 days ago* (last edited 2 days ago) (2 children)

I'm 3,500 miles from the vendor's devs, sadly.

Asking them to put the swagger file itself behind the API is a good idea. Their dev backlog is 3-24 months.

I used the same trick to determine the required headers and parameters - I checked their website which uses the same API.

The source of their delays is that different devs or teams "own" different endpoints and make their changes without documenting. It's annoying, stuff like the same data being in field "hostId" on one endpoint but "deviceId" on another.

[–] Nomad@infosec.pub 2 points 2 days ago (1 children)

Just build a few selenium Tests to ensure the API requests the website performs don't change without you noticing :)

[–] clay_pidgin@sh.itjust.works 1 points 1 day ago (1 children)

That's not a bad idea. Usually, so far, their frontend team doesn't hear about the changes either!

[–] Nomad@infosec.pub 2 points 1 day ago (1 children)

Wow that's bad practice. Sell your monitoring to them to help improve their quality.

[–] clay_pidgin@sh.itjust.works 2 points 1 day ago

I honestly think we provide a significant impetus for improvement on their side. They have lots of other customers, but most aren't as involved and embedded in the data as we are.

[–] CrypticCoffee@lemmy.ml 2 points 2 days ago (1 children)

This is why you have requirements which are agreed upon and affect payment if not upheld. If you start being firmer, they might move quicker. 24 month lead team is bullshit.

[–] clay_pidgin@sh.itjust.works 1 points 2 days ago

They have accepted the penalties as the cost of doing business, and the decision makers on my side are worried about opening it up again. It's a custom hardware + custom software thing so there aren't that many options!