API Monitoring
Deep API Checks for Backend Teams
Real-time monitoring voor Nederlandse infrastructuur. HTTP/HTTPS checks, JSON body validation en header verificatie — built for developers who ship APIs.
Configure Your First Check Read the DocsWhy API Monitoring Is Different
A 200 status code doesn't mean your API is healthy. StatusBewaker validates the actual response — checking that your JSON payload contains the expected fields, that required headers are present, and that response times stay within your SLA. If api.uitzendinggemist.nl/v2/programs returns a 200 but the items array is empty, you'll know before your users do.
Every check runs from probes in Amsterdam (AMS3) and Rotterdam (RTM1), with optional validation from our Frankfurt edge node. We simulate real client requests: custom HTTP methods, authentication headers, JSON or form-encoded bodies, and conditional headers like If-None-Match for cache validation.
JSON Body Validation
Assert that specific keys exist, match expected types, or fall within value ranges. Check that response.data.user.role equals "admin", that response.total is a positive integer, or that an array contains at least 10 elements. Define simple key-path rules or attach a full JSON Schema for strict validation.
Header Verification
Verify response headers on every check. Ensure Strict-Transport-Security includes max-age=31536000, that Content-Type is application/json; charset=utf-8, or that X-RateLimit-Remaining never drops below 50. Missing or unexpected headers trigger an alert.
Authenticated Requests
Send checks with Bearer tokens, API keys, Basic auth, or custom headers like X-Api-Key: sk_live_.... Rotate credentials automatically via our secrets manager — no need to update monitors when keys change. Supports OAuth 2.0 token refresh flows for endpoints that require active sessions.
Technical Specifications
Under the Hood
Here's exactly what happens when StatusBewaker monitors your API endpoint — from DNS resolution to response body parsing.
Check Intervals
30-second, 1-minute, 5-minute, or 15-minute intervals. Production APIs for clients like NS and Bol.com run on 30-second checks. Each check completes in under 2 seconds, including full TLS handshake and body parsing.
Latency Breakdown
We measure DNS resolution, TCP connect, TLS negotiation, time to first byte (TTFB), and total download time separately. Set per-phase thresholds so you can distinguish between a slow database and a network issue between AMS3 and your origin.
Response Time SLAs
Define custom thresholds per endpoint. Alert when p50 exceeds 200ms, p95 crosses 500ms, or p99 breaches 1000ms. We track trends over 24h, 7d, and 30d windows so you can spot gradual degradation before it becomes an outage.
TLS & Certificate Checks
Validate TLS 1.2/1.3 handshakes, verify certificate chains against trusted CAs, and monitor expiry with alerts at 30, 14, and 7 days. Mutual TLS (mTLS) supported for private endpoints — upload your client certificate and key directly in the monitor config.
Alerting & Escalation
Instant notifications via Slack (#api-incidents), PagerDuty, email, or custom webhooks. Configure escalation: Slack on first failure, PagerDuty after 3 consecutive misses. Every alert includes the full response body, headers, and timing breakdown.
Data Retention & Export
Every check result — status code, response time, body hash, and header snapshot — is stored for 12 months. Query via our REST API, export to CSV, or push metrics to your Prometheus instance. Public status pages show 24h, 7d, and 30d uptime percentages.
Need a custom check that validates a signed JWT, monitors a WebSocket connection, or validates a gRPC health endpoint? Our team can build it. Talk to Engineering