API Monitoring (JSON Response Assertions)
API monitoring verifies that an endpoint returns the correct response body, not just a
successful HTTP status. After a request succeeds, the system evaluates JSON assertions against the
response payload — so a 200 OK that returns an error flag, a missing field, or a stale
value is still caught and flagged as an outage.
Use Cases
- Health-check endpoints - Assert
data.statusequals"ok"on a custom/healthroute - API contract monitoring - Verify a REST endpoint still returns the structure your app depends on
- Third-party integrations - Detect when a partner API starts returning errors inside a 200 response
- Authenticated & write endpoints - Send custom headers and a request body to monitor POST/PUT routes
- Data sanity checks - Alert when a queue depth, inventory count, or balance crosses a threshold
How It Works
During each check, the system:
- Sends the request using your monitor's method, headers, body and timeout settings
- Confirms the HTTP status is within the accepted status codes
- Parses the JSON response body and evaluates every configured assertion
- Marks the monitor offline and opens a
json_assertionincident if any assertion fails - Sends notifications to your configured channels, then auto-resolves when all assertions pass again
Setting Up API Monitoring
- Enable the "JSON" check type when creating or editing a monitor
- Set the HTTP method, request headers and request body if the endpoint needs them
- Add up to 10 assertions, each with a path, operator and (where required) an expected value
- Save the monitor — assertions are evaluated on the next and every subsequent check
The JSON and Keyword check types are mutually exclusive on a single monitor — a response is either an API payload or a web page. Use separate monitors if you need both.
Assertion Paths
Each assertion targets a value in the response with a dot-notation path. Use numeric segments to index into arrays.
| Path | Selects |
|---|---|
status |
The top-level status field |
data.region |
The region field nested inside data |
data.users.0.id |
The id of the first item in the users array |
Operators
| Operator | Passes when | Value |
|---|---|---|
equals |
The value at the path equals the expected value | Required |
not_equals |
The value does not equal the expected value | Required |
contains |
The value contains the expected substring | Required |
not_contains |
The value does not contain the expected substring | Required |
exists |
The path is present in the response | Not used |
not_exists |
The path is absent from the response | Not used |
gt / gte |
The value is greater than / greater than or equal to the expected number | Required |
lt / lte |
The value is less than / less than or equal to the expected number | Required |
regex |
The value matches the expected regular expression | Required |
not_regex |
The value does not match the expected regular expression | Required |
Request Options
API monitors reuse the monitor's HTTP request settings, so you can monitor endpoints that need a specific method, authentication or payload:
| Option | Description |
|---|---|
http_method |
GET, POST, PUT, PATCH, DELETE, HEAD or OPTIONS |
request_headers |
Custom headers, e.g. an Authorization token |
request_body |
A JSON or form body sent with POST, PUT and PATCH requests |
accepted_status_codes |
Which status codes count as success before assertions run |
Limits
- Maximum 10 assertions per monitor
- Each assertion path can be up to 500 characters
- Response bodies larger than 5 MB are not evaluated
- Assertions run only when the response is valid JSON and the status code is accepted
Notifications
When an assertion fails, the incident is classified as a JSON assertion failure rather than a generic outage. Notifications include:
- The failing path, the operator, the expected value and the actual value
- The monitor URL and the region that detected the failure
A recovery notification is sent once every assertion passes again, including the incident duration.
Best Practices
- Assert on stable fields - Target contract fields that should not change between deploys
- Prefer a health endpoint - Expose a dedicated
/healthroute that summarises dependencies - Combine operators - Pair
existschecks withequalsor numeric thresholds - Watch dependencies - Assert that database, queue or cache status fields report healthy
- Keep paths shallow - Shallow paths are more resilient to response shape changes
Example Configuration
{
"assertions": [
{
"path": "data.status",
"operator": "equals",
"value": "ok"
},
{
"path": "data.region",
"operator": "exists"
},
{
"path": "data.queue.depth",
"operator": "lt",
"value": 1000
}
]
}