How to Measure the Speed, Security, and Quality of Your API

Is there such a thing as an API score? Well, now there is. This is how we measure it.

2 years ago   •   6 min read

By Leigh Wallett
Table of contents

APIs play in a complex world. They overcome challenges that were once impossible. Challenges like connecting data from near obsolete systems. Or connecting with inanimate objects to create the Internet of Things. Their composable architecture helps overcome the tech skills shortage as you can plug in pre-existing code with minimal technical knowledge.

APIs are packages of business logic. They can be used for bank transactions, website purchases, and internal communications in an enterprise. APIs may look the same but their outcomes are different. They are so flexible they become difficult to compare. It is hard to determine a standard approach for APIs' success.

At Treblle we’ve narrowed down 9 universal measures to determine your APIs Speed, Security and Quality. These measures will give you an overview of your APIs success.

Let’s take a look at what we mean by each of these metrics and how they can help you make the complex world of APIs simple.

APIs Need for Speed

The movie Interstellar showed how time speeds up as it moves away from the earth. The same feels true for time on a device. Where 2 seconds may be fast in the physical realm, in the online world of API it’s a lifetime. Meaning if your API is taking 2 seconds or longer to respond, it will most likely not be used enough to survive.

An API should take 0.1-1 second to respond. A fast API will have a better chance of making clients happy and have a lower cost. This will give an API more chance for success.

How to Measure the Speed of Your API?

To ensure your API has high performance there are 4 important elements to check.

Average Response Size

Firstly you want to ensure your API has been developed to optimize performance. To do this you want to check the average response size of your API. Your API response size will have the greatest impact on your API response time.

API Load Time

Next, you should check your API load time. Load time is generally longer than response time as it includes the time from request to the entire response loads and is available to view.

Compression Algorithm Gzip

In addition to development, you should check your APIs setup. To improve data response a compression algorithm can help. Gzip is a popular open-source file compression algorithm. Gzip can reduce an APIs payload by anywhere from 50%-70%. In addition, this compression won't sacrifice data.


The final check for optimal performance is your APIs network protocol. This factor probably has the biggest overall impact on API speed. Your API should use the updated network protocol HTTP2. There is a significant difference in the performance between the HTTP1 protocol created in 1991 and the HTTP2  updated in 1999. HTTP2 is designed for the complexity of modern applications. It solves challenges such as head-of-line blocking by using TCP/IP connections. More than that data transfer is faster and more efficient with fewer errors.

API Security Blanket

Cybersecurity is becoming more of a challenge each year. With increased distribution and transparency, maintaining security gets harder. APIs are a key part of this distributed ecosystem.

APIs now make up the vast majority of internet traffic. In 2020 Akamai reported 86% of internet traffic was from APIs.

To keep on top of cybersecurity threats, it’s essential to keep on top of API security. Unfortunately, there is not a one size fits all approach. However, there are 2 key elements you can check to measure your API's security.

How to Measure API Security


The first and most fundamental check to ensure your API security is the use of HTTPS. The ‘S’ stands for the SSL certificate. This is the extra layer of protection that automatically prevent a range of security threats. While HTTPS should be the default in 2022, unfortunately, it is not. The HTTP protocol is the automatic default. You will need to buy an SSL certificate and set it up to get HTTPS.


The second thing to look for is whether or not you are using a form of authorization on your APIs. Authorization provides security on who, what, and how much can be accessed through your API. Different levels of authorization can be given to different roles, such as an administrator or a consumer.

You can also gain insight into the activity of your API. From a security point of view, you want to identify if your API is being spammed, or attacked, or if there is any other unusual activity. This data can also be used to keep track of your API integrity, availability, and confidentiality.

Authorization doesn’t need to be difficult to add to your API. There is a range of options available from simple bearer tokens to complex solutions like JWT or oAuth.

API Quality Is a Commodity

Quality is a broad term. We’ve spoken about API speed and security, so what else do we need to measure to determine quality?

Quality covers the factors that make your API robust and reliable. This means your API can respond to adverse conditions such as a database breach, traffic spikes, or bad requests. On top of that, any changes won’t break functionality for your API users.

How to Measure API Quality?

To ensure your APIs success it must pass a quality check. Here are 3 ways to review your APIs quality standard.

API Versioning

A fundamental measure of API quality is versioning. When it comes to reliable APIs, versioning is essential. It is important because you need to improve your APIs over time, however, you als want to minimize disruption to your API consumers. Versioning helps you track and communicate changes to your APIs over time and helps overcome the challenges you may face as your API evolves.

Request Success to Error Ratio

To understand your API reliability, measure the ratio between successful API requests and those that have errors. While APIs are relatively simple to create, it’s easy to make mistakes. There is a vast range of potential errors. Keeping track of the ratio of errors returned provides a strong overview of how well your API is performing and where to make improvements.

Valid JSON Response

Finally, a simple check to assess the quality of your API is if you are responding with a valid JSON. JSON provides a standard and superior data structure. This is a quick win for your API quality.

What Does a Successful API Look Like?

A successful API will respond in microseconds, maintain secure access and, have quality of reliable service.

We’ve covered a number of measures you can use to visualize your APIs' speed, security, and quality. In summary, the 9 measures for speed, security, and quality are:

  1. Response size
  2. Load time
  3. Gzip compression algorithm
  4. HTTP2 network protocol
  5. HTTPS protocol
  6. Authorization and related activity data
  7. Versioning
  8. Request success to error ratio
  9. Valid JSON response

These measures are universal across programming languages and different platforms. While there are additional measures, these are an excellent start.

At Treblle we’ve collated these critical data points of your API to create a dashboard. This dashboard gives your API a score on Speed, Security, and Quality. This is an instant view of the success of your API. And it’s just the beginning. We are actively working to expand the ruleset in future versions.

Success doesn’t mean having a perfect API at all times. What’s more important is to identify issues as soon as they arise. With instant and transparent data, you can determine your APIs' success at a glance. You can quickly identify where challenges appear. Treblle will give you insight from a high level overview in our simple dashboard, all the way to a detailed breakdown.

Create a Treblle account to understand your APIs' success at a glance.

Spread the word

Keep reading