Monitor Your Workflows With Datadog SSL, TCP, and Multistep API Tests | Datadog

Monitor your workflows with Datadog SSL, TCP, and multistep API tests

Author Mallory Mooney

Published: December 21, 2020

API tests are key to ensuring your applications receive and respond to requests efficiently. For example, a slow API endpoint or an unexpected timeout in processing a request can significantly affect user experience, so API tests can help you monitor the performance of your endpoints and the overall health of your applications. Datadog Synthetic Monitoring enables you to track how efficiently your API endpoints handle traffic at each and every step, so you can ensure that endpoints are processing incoming requests as expected.

Datadog provides a comprehensive suite of API tests so that you can not only monitor the health and performance of HTTP requests and DNS records, but also ping service endpoints to detect connectivity and network issues, test TCP connections to service ports, and verify server certificates. Datadog also enables you to chain HTTP requests using multistep API tests, so you can easily monitor critical API workflows from end to end.

In this post, we’ll show how Datadog’s API tests can help you:

Verify every single step in your workflows by chaining API requests

Most modern applications rely on several API endpoints to support core workflows. For example, interacting with an application uses a series of API requests to authenticate a user and then display information within that user’s scope. Some requests in the series create a chain by passing data from a preceding request’s response (e.g., API keys, OAuth authentication tokens) to headers in subsequent requests, ensuring that someone is already authenticated before making additional requests. In order to verify that these types of workflows function as designed, you need to be able to run tests that can easily replay the flow between these chained requests.

Datadog’s multistep API tests enable you to create a sequence of requests and capture data such as unique tokens and response data to pass onto subsequent requests in the chain. This allows you to monitor every step in your critical service workflows and gives you deeper insight into the health and availability of each API endpoint supporting your services. We’ll show you how next.

Create a multistep test for updating a user’s profile

Updating a user’s profile is a common workflow and consists of several steps such as authenticating the initial login request, requesting a user’s profile after authentication, and performing a CRUD operation to change profile information. You can create a new multistep API test to easily cover these and other types of workflow steps, including more complex interactions with an API, giving you comprehensive coverage for testing all of your endpoints.

In the example below, we configured a test to first make a POST request to an authentication API endpoint using a client ID and secret in the request body. Datadog also supports other types of authentication processes, such as passing login credentials in the request headers (i.e., basic authentication).

POST request in a multistep test

The test is also configured to automatically extract a unique ACCESS_TOKEN variable from the response, which can be used as the bearer token to authenticate the other requests necessary to complete the workflow. When you click on the “Test URL” (or “Re-test URL”) button, as shown below, Datadog will automatically display the response body in the same modal. You can click on any key in the response (in this case, access_token) to create a new variable that can be used in subsequent requests in the workflow.

Use variables from a request's response to use in subsequent requests

Next, the multistep API test makes a GET request for a specific user’s profile (i.e., the userinfo/1 endpoint) using the ACCESS_TOKEN variable from step one as the bearer token in the request’s header.

Chain requests using variables in response headers

The final step makes a PUT request to the same /userinfo/1 API endpoint to update information in that user’s profile (e.g., their username and role), sending that data in the request’s body, as seen below. The step also uses the same bearer token from previous steps in the request’s header in order to interact with the protected endpoint.

Make a PUT request in a multistep test

When the test runs, it will automatically chain requests appropriately using the correct token in order to test the API workflow in its entirety.

Datadog provides an overview of test activity, so you can easily track the duration of each test step across several locations. If a step within a test fails, you will see an alert that provides a breakdown of the failure, which includes the request and response header, the body data, and the request’s response time. This enables you to pinpoint the root cause of a failure, such as invalid tokens or permissions, and quickly resolve the issue before it significantly affects your users.

Be notified of issues with a multistep test, such as invalid tokens

Datadog also provides more visibility into the health and security of the connections between your application and users with SSL, TCP, and DNS API tests. We’ll cover Datadog’s SSL and TCP tests in more detail next, but you can read more about using DNS tests to monitor your DNS records in this post.

Monitor all incoming TCP connections to your applications

Before users can interact with your services, they first need to set up a successful TCP/IP connection on the appropriate server port, such as those assigned to handle SSH, DNS, or SMTP traffic. Datadog’s TCP API tests enable you to monitor the performance of the underlying TCP connections to a given port used for your application services, regardless of where they are deployed. You can quickly detect TCP connection or latency issues across several global locations or test internal-facing services with private locations, giving you a versatile tool for monitoring the systems that support secure logins, routing emails, file transfers, and more.

The example TCP test below verifies the performance of connections to port 443 for an application, which is used to secure and encrypt HTTP traffic.

Troubleshoot with TCP API test alerts

TCP tests can alert you to unsuccessful or slow TCP connections, which could indicate issues such as a congested application server, misconfigured DNS records, or potentially malicious activity. If a TCP test surfaces connectivity issues with a service, you can use Datadog CNM to look at the service’s TCP retransmits in order to troubleshoot further.

Ensure that connections to your services are secure

Secure connections to your application are fundamental to ensuring that your users can confidently interact with your services, especially if services require transmitting confidential information such as credit card numbers and login credentials. Insecure applications transmit this type of data in a format that makes it easier for attackers to intercept, so organizations advocate using the HTTPS protocol (e.g., TCP port 443) with an SSL/TLS certificate as the de facto standard for securing and encrypting connections with services. This helps you assure your users that they are accessing a legitimate version of your application—not a spoofed version designed to steal private information—and that the data they are transmitting to your application services is encrypted.

Monitoring your certificates can help you mitigate these risks and ensure that your application is safe to use. Datadog offers SSL API tests to detect when a certificate is about to expire, to verify that your certificates contain certain properties, and that the connection uses the appropriate TLS version. The example test below verifies that the certificate for a sample application is valid in one of the tested regions.

Troubleshoot further with SSL API test alerts

Verifying certificates is another primary step to monitoring the overall health of your services—a significant portion of your user base may not be able to reliably access your application if a certificate expires in one or more locations. If an SSL test fails, you will receive an alert with more details, such as which locations are affected, the cryptographic protocol used for the connection, and the certificate’s thumbprint. This information will enable you to quickly determine if the certificate is invalid or installed on a server incorrectly.

End-to-end coverage for monitoring your APIs

With Synthetic Monitoring, you can troubleshoot issues at every step in the request/response cycle—from the initial connection to interactions with key workflows. Datadog’s API tests complement Synthetic browser tests, which test a web application’s user experience, so you can test application functionality at a high level and also ensure your application’s underlying API endpoints perform optimally. And Datadog enables you to easily correlate API endpoint performance with the performance of other technologies in your stack for deeper insights into the health of your applications.

Check out our documentation for more information about Synthetic API tests, or sign up for a to start monitoring your API endpoints today.