After the recent interviews with SteamData.io about API streaming and Cloud Elements about Saas connectors, I had this week the opportunity to discuss API testing and monitoring with Vas Edelen, Director, API Engagement at API Fortress.
Stephane Castellani: Hi Vas, can you please present API Fortress in a few words?
Vas Edelen: API Fortress is an automated API testing and monitoring platform for the entire API lifecycle. Generate a test as early as design, and it will validate your APIs during development, continuous deployments and live API monitoring.
The concept for API Fortress happened in 2013 when Patrick Poulin was the API Evangelist for Getty Images, and his Cofounder Simone Pezzano was building a platform that converts websites into APIs on the fly. Patrick didn’t have a tool that properly empowered him with real-time knowledge of how the Getty API was doing, and he didn’t have the development skills to build it himself. Simone could build it but didn’t understand why something didn’t already exist. There are countless visual platforms for websites and apps, why isn’t there one for APIs? It required new thinking about how APIs could be tested, and after some MVPs in 2014, they went fulltime in 2015 to build it. A web-based platform dedicated to the quality of an API program that requires no coding, so anyone can use it, and that integrates with all the tools and platforms you use today.
SC: What is your flagship product?
VE: It was once called Mastiff, but now all our offerings are part of the platform. A single platform that handles comprehensive API testing and monitoring. Automatic regression tests during deployment, functional uptime monitoring, all without having to write any code.
SC: What needs does it answer?
VE: API Fortress is a single platform that helps developers, QA, DevOps, and Product Managers collaborate on understanding the quality of their API program. Every stakeholder has access and can understand, the real-time and historical health of their APIs. It finds the problems that people do not think of, and when found instantly notifies everyone with detailed information to help diagnose the cause.
SC: Why is API testing across the entire lifecycle important?
VE: Today’s competitive advantage is the speed of innovation, and APIs are key to that. With that rapid innovation, comes an even greater possibility of bugs and errors. With API Fortress, a single API test checks that every stage of the API lifecycle is in line with the original contract. A single platform that unifies every team that is part of the process. APIs have become a product and need to be treated that way.
SC: Which industries and accounts do you target?
VE: API Fortress remains industry agnostic. We aim for any enterprise that has a lot of different teams and people that touch the APIs that are critical to their business. We have gotten a lot of traction in these industries as of late – retail, banking, insurance, payment processing, logistics, and video games.
SC: What are the benefits or your product? Can you share any available ROI?
VE: API Fortress automates the process of creating API tests, and makes execution and notification simple. This means that anyone can handle the process of testing and monitoring the platform, not just developers. The platform saves expensive developer time, empowers QAs to do what once only developers could do, and is much more comprehensive than what a developer could do with weeks of customer code. A few minutes with API Fortress can save hundreds of developer hours.
SC: Who are your competitors and how you do position against them?
VE: The word disruptor is greatly overused, but we have no choice but to use it here. The main players in the API testing space are Smartbear (SoapUI) and Parasoft (Soatest). If you were to compare screenshots you would immediately see the difference. We were built from the ground up for today’s microservice architectures, with integrations and team collaboration in mind. That is why we are not a downloadable application, we are a platform. It’s 2017, and API testing should reflect that. No coding, no hacking to integrate with other platforms like Slack, simple automation setup (CD and scheduling), and it all runs from a web browser. Finally, our entire platform can be brought on-premises. This is what keeps Runscope and Postman from being the right solution for large enterprises with tight security requirements.
There are some open source libraries that highly technical people can leverage. As you can imagine, it requires coding, lacks the ability to schedule, no status page, tough to integrate, and is generally never the right fit without a lot of customization. By the time you get it up and running, the entire process would be complete with API Fortress.
Check out this article on Medium to learn more about API Fortress vs SoapUI.
SC: Which channels do you sell your product through? Online, via sales teams, via partners?
VE: Our sales team. You can create a free account online, but for enterprise features, you will need to speak with us. This is because every customer has unique API testing needs. Some want cloud, some want on-premises, some want both. Every customer has a package built just for them.
SC: How do you integrate with existing API Gateway vendors?
VE: This is something we are actively working hard on, as we are looking to become the default platform no matter which gateway you use. The platform works no matter which gateway you use, or if you even have one. With that said, connectors and integrations do make life easier for our customers. Therefore, we have connectors for Kong and Mulesoft, which give you incredible ability to test your APIs as part of the process of delivery. We have a partnership with Mashery that allows you to login to your Mashery account and generate tests automatically. We have an exciting partnership with Oracle in the works that we can’t speak about publicly yet, and we are actively working on the other gateways as well. We want to make sure these integrations provide a benefit to our customers and are being thoughtful when we do them.
SC: Can you share with us a recent customer success story, indicating the challenges they faced and the outcomes they got with your product?
VE: A fun little fact that not many people know – the vast majority of apps run off APIs. It is how the app communicates with the platform and gets the information it needs. Ordering an Uber? That’s a call to the Uber API.
This customer has a very popular app, that requires real-time calls to their platform. Up until this point, the QA team was solely focused on testing the application itself (UI/UX). They were deploying a new version of the API that powers the app, and with that wanted a tool that allowed the QA team to also take on the responsibility of making sure the API that powers the app is working properly. Full end-to-end testing. They had specific requirements:
- Doesn’t require coding. Simple to use and setup.
- Flexible and intelligent tests due to drastically changing payloads.
- Can be used on-prem for security purposes.
- Can be scheduled to run automatically when live.
These are exactly what API Fortress is built for. After a quick and successful on-premises POC, they became a happy customer. Why isn’t everyone testing their APIs this extensively? Great question. We’re working to fix that every day.
SC: Can you share with us your product presentation video?
SC: Are there any other topics you would like our audience to be aware of about your company?
VE: Only about 5% of APIs are tested properly. This seems like a number we are making up, but it’s based on three years of calls with customers. To date, the primary focus of automated testing is the visual – how things look. It is the easiest problem to spot. Even a nontechnical CEO can understand when the homepage is broken. If your API is delivering bad product IDs, or if the categorization of products is missing, this problem isn’t viewable by anyone except your accounting team. That is a loss of revenue that happens silently every day, and why APIs need to be tested with the same vigor that websites and apps are.
SC: Thank you Vas for this fascinating discussion about API testing across the full API lifecycle, it was great talking to you!
VE: Thank you Stephane, likewise.