API testing/ Performance

Hello everybody!! :man-raising-hand: I have the following question: We have developed some APIs that are going to be used by some external clients to retrieve information about clients. We have defined some performance requirements for these APIs that we have tested internally with Taurus and all the tests were “Passed”. I got some questions from the product owner regarding the fact that we have run all these APIs/performance tests internally. So then I am wondering:
1: Shall I expect big differences in the response times of the calls if the tests are run externally? If yes, which factors are provoking this?
2: Is it part of our responsability to ask to these external clients to run tests against our APIs to check the performance?
I am a bit confused so any help will be appreciated, thanks and have a brilliant day!

  1. This depends on your definition of “significant”. A client calling your API from another part of the globe might incur on average (very roughly, YMMV) another 100-200ms of latency, which is enough to matter in some contexts, but not others. The latency variance will also be a lot higher over the internet, so it’s worth considering what the impact of much higher tail latencies measured in seconds.

  2. I would suggest it’s usually the client’s responsibility to monitor the latency of your API from their client’s perspective if this is important to them. If it isn’t, probably not much point in asking them to do it. However, I’d also recommend capturing latency metrics from your API on the server side.

One other factor that might matter - did you do your internal testing against HTTP or HTTPS?

HTTPS can be quite a large overhead, particularly when you have internet round-trips to consider, so it’s usually a good idea to test with this turned on.


Yes we are using HTTPS thanks for the advise, I will look into it :slight_smile:
@tomakehurst When you say “capturing latency metrics from your API on the server side” You mean what we are doing now, running tests where everything happens behind our firewall and the calls are coming from inside the house?

I’d recommend measuring latency (and throughput + error rate) in at least performance testing and live environments, via your monitoring system. This means that a) you can use it to determine the health of your live system, b) observe the server’s perspective of performance when load testing - sometimes the load tool and monitoring will tell you different stories and this can be very useful in finding problem root causes.

Nearly all modern monitoring tools have a way to fairly easily get at these metrics from HTTP servers, so assuming you have a tool in place it shouldn’t be too hard to enable.

You want to create a realistic performance test so yea try running it from another network.

Imagine you are on crappy Wi-Fi (free wifi at a café for example) or you are at home browsing on a 1gb/mbps line. I think you’ll see the difference already. It’s not all about measuring ‘your internal network’ but you want to see how your app behaves when it’s on a ‘lesser’ network. Is your application going to be available like a regular website? Try testing through 3G / 4G also.

For the rest, tomakehurst comment sums it up!