tutorial

How to Monitor Third-Party API Dependencies with Vigilmon

Your application is never just your application. Behind every reasonably functional web product is a dependency graph of third-party APIs: Stripe for payment...

Your application is never just your application. Behind every reasonably functional web product is a dependency graph of third-party APIs: Stripe for payments, Twilio for SMS, SendGrid or Postmark for transactional email, AWS SES, Cloudinary for media processing, Algolia for search, Segment for analytics. Some of these are in the critical path — if they go down, your product's core functionality fails with them.

The problem: when a third-party vendor has an outage, your users don't know it's Stripe's fault. They know your checkout didn't work. They know your SMS verification never arrived. They may know your emails stopped sending. The support ticket they file says "your product is broken."

Monitoring your third-party API dependencies before your users notice the failure is one of the most underrated operational investments a development team can make.

Why Third-Party API Monitoring Is Overlooked

Most teams monitor their own infrastructure: servers, databases, application health checks, maybe some custom metrics. What they don't monitor is the API surface they depend on externally.

The reasoning usually goes: "If Stripe is down, there's nothing we can do anyway." That reasoning misses three important points:

1. You can know before your users do. A monitor polling https://status.stripe.com or a synthetic check against Stripe's API every 60 seconds will detect an outage minutes before the first affected user files a support ticket — or posts on Twitter. That headstart is valuable.

2. You can communicate proactively. If you know Stripe is degraded, you can update your status page before your users ask. "We're aware of a payment processing issue — this is caused by our payment provider and we're monitoring for resolution" is a dramatically better customer experience than silence followed by a flood of support requests.

3. Incidents are faster to diagnose. When your on-call engineer wakes up at 2am to a checkout failure alert, checking whether you already have a "Stripe degraded" monitor in a warning state cuts triage time from 20 minutes to 30 seconds.

Categories of Third-Party API Dependencies

Not all dependencies carry the same risk. Start by classifying yours:

Critical Path Dependencies

These APIs are required for core functionality. If they fail, your product's primary use case fails with them.

Examples:

  • Payment processors (Stripe, Braintree, PayPal) — if down, subscriptions can't be created, purchases can't be completed
  • Identity providers (Auth0, Okta) — if down, users can't log in
  • Communication APIs (Twilio for SMS OTP, Sendgrid for transactional email) — if down, verification flows break, password resets fail
  • Object storage (AWS S3, Cloudflare R2) — if down, file uploads or downloads fail
  • Database-as-a-service (PlanetScale, Neon, Supabase) — if down, all data operations fail

High-Impact Dependencies

These APIs affect significant features but don't completely block core functionality.

Examples:

  • Search services (Algolia, Elasticsearch Cloud) — search degraded, but browsing/filtering still works
  • Analytics ingestion (Segment, Mixpanel) — data gaps in analytics, product still functional
  • Media processing (Cloudinary, Imgix) — image optimization degraded, raw uploads still work
  • CDN providers (Cloudflare, Fastly) — performance impact, but origin still accessible

Low-Impact Dependencies

These APIs affect minor features. Monitor them but alert at a lower urgency level.

Examples:

  • Feature flag services (LaunchDarkly) — flags default to fallback values
  • Error tracking (Sentry, Bugsnag) — error data may be incomplete
  • Customer support chat (Intercom, Zendesk widget) — support widget unavailable

What to Monitor for Each Vendor

Status Page Monitoring

Most major API vendors publish a public status page. These are your first monitoring target — they're low-effort to set up and give you the vendor's own assessment of their service health.

Status page URLs for common vendors:

| Vendor | Status Page | |---|---| | Stripe | https://status.stripe.com | | Twilio | https://status.twilio.com | | SendGrid | https://status.sendgrid.com | | Auth0 | https://status.auth0.com | | AWS (overall) | https://health.aws.amazon.com/health/status | | Cloudflare | https://www.cloudflarestatus.com | | Algolia | https://status.algolia.com | | Postmark | https://status.postmarkapp.com | | PlanetScale | https://www.planetscalestatus.com | | Supabase | https://status.supabase.com |

All of these return HTTP 200 under normal conditions. A monitor that checks for HTTP 200 on these URLs will detect when the status page itself shows degraded — which usually happens when the vendor marks an incident.

Limitation: Status pages are often updated manually, and vendors sometimes lag behind actual incidents. Status page monitoring is necessary but not sufficient.

Synthetic API Checks

For critical-path dependencies, go beyond the status page: make an actual API call and verify the response.

For Stripe, for example, you might:

  1. Hit the Stripe API's GET /v1/balance endpoint with your API key (a read-only endpoint that doesn't affect real data)
  2. Verify HTTP 200 and a valid JSON response
  3. Alert if the response fails or takes more than 3 seconds

For SendGrid:

  1. Hit GET /v3/stats or GET /v3/user/webhooks/parse/stats
  2. Verify a valid 200 response
  3. Alert on non-200 or latency above threshold

For Twilio:

  1. Hit GET /2010-04-01/Accounts/{AccountSid} (account info endpoint)
  2. Verify 200 response
  3. Alert on failure or latency spike

These checks test whether you can actually reach and authenticate with the API, not just whether the status page URL loads. They catch cases where the API is degraded but the vendor hasn't yet updated their status page.

TCP Monitoring for Infrastructure APIs

For services where you connect over TCP (database connections, Redis, SMTP), monitor the TCP port directly:

  • AWS RDS PostgreSQL: TCP check on port 5432
  • Redis (Upstash, ElastiCache): TCP check on port 6379
  • SMTP provider: TCP check on port 587 (STARTTLS)

A TCP check verifies the service is accepting connections at the network layer before your application even tries to authenticate — often a faster signal than waiting for an application-layer timeout.

Setting Up Third-Party API Monitoring with Vigilmon

Vigilmon is well-suited for this monitoring pattern. It supports HTTP/HTTPS endpoint checks and TCP port checks, runs from multiple geographic regions for consensus-based alerting, and requires no agent installation.

Setting up a Stripe status page monitor:

  1. Add a new monitor in Vigilmon
  2. URL: https://status.stripe.com
  3. Type: HTTP check, expect 200
  4. Interval: 1 minute
  5. Alert destination: your team's Slack channel or webhook
  6. Label it clearly: "Stripe Status Page"

Setting up a Stripe synthetic API check:

  1. Add a new monitor
  2. URL: https://api.stripe.com/v1/balance
  3. Type: HTTP check, include Authorization: Bearer sk_live_... header
  4. Expect: 200 response
  5. Interval: 2–5 minutes (synthetic checks against vendor APIs should be respectful of their rate limits)

Setting up an SMTP TCP check:

  1. Add a new monitor
  2. Host: your SMTP provider's hostname
  3. Port: 587
  4. Type: TCP check
  5. Interval: 5 minutes

Multi-region consensus: Vigilmon's quorum-based alerting means a single regional probe failure doesn't fire an alert. For third-party API checks, this is important — you want to distinguish genuine vendor degradation from a single-probe network issue.

Organizing Your Monitoring Dashboard

With multiple vendors to track, organization matters. Group monitors into two categories:

Critical Path (high urgency alerts, 1-minute intervals):

  • Stripe API (payments)
  • Auth0 / identity provider
  • Email delivery API (SendGrid/Postmark)
  • Primary cloud provider status

High Impact (standard urgency alerts, 5-minute intervals):

  • CDN status
  • Search service
  • SMS API (if used but not in primary auth flow)
  • Analytics ingestion

Status Pages Only (informational alerts, 10-minute intervals):

  • Feature flag service
  • Error tracking service
  • Support chat widget provider

Configure different alert routing for each group. Critical path alerts go to the on-call Slack channel. Informational alerts go to a lower-priority channel that gets reviewed rather than immediately actioned.

Building Your Incident Response Runbooks

When a third-party API monitor fires, your team needs to know what to do in the first five minutes. Document this before the incident:

Stripe degraded — runbook:

  1. Check status.stripe.com for incident status
  2. Check your Stripe API monitor in Vigilmon for error details
  3. Update your status page: "Payment processing is experiencing intermittent issues due to a provider outage. We are monitoring for resolution."
  4. If degradation persists > 15 minutes, consider surfacing a user-facing banner: "Payments are temporarily unavailable. We apologize for the inconvenience."
  5. Monitor Stripe status for resolution. When resolved, clear your status page.

Email delivery degraded — runbook:

  1. Check provider status page
  2. Identify which email types are affected (transactional vs. marketing)
  3. Consider queueing transactional emails for replay once the provider recovers
  4. If password reset emails are affected, provide an in-app fallback notification to affected users

What to Expect: Mean Time to Detection

Without third-party API monitoring, your mean time to detection (MTTD) for a vendor outage is roughly how long it takes your users to notice, file a ticket, and your support team to escalate to engineering. In practice: 15–45 minutes.

With Vigilmon monitoring vendor status pages and synthetic API checks every 1–5 minutes, your MTTD drops to under 5 minutes. You often know about the vendor outage before your users hit the failing endpoint.

That headstart is the difference between proactive status page communication and reactive damage control.

Conclusion

Your application's reliability is bounded by your dependencies' reliability. Monitoring those dependencies — their status pages, their API health, their TCP connectivity — gives you the same external view of your vendors that Vigilmon gives your customers of your own service.

The setup is straightforward: status page monitors for every critical vendor, synthetic API checks for critical-path dependencies, TCP checks for infrastructure services. The result is faster incident detection, faster communication, and faster triage when something actually breaks.

Start monitoring your third-party API dependencies at vigilmon.online — HTTP, TCP, and SSL monitoring from multiple regions, no agent required, free to start.

Tags: #monitoring #devops #api #uptime #stripe #twilio #reliability

Monitor your app with Vigilmon

Free plan — 5 monitors, no credit card required. Up and running in 60 seconds.

Start free →
← Back to all articles