api-health-check

active

0xcb1790ad1f72423a72b15df91cd5757a3e6c1fc7f1174a0e3bd7a62d319bc9db

Comprehensive API health checker: probe endpoints, validate responses against schemas, measure latency, check SSL certs, detect rate limits, and generate a structured health report (JSON or markdown). Works with REST, GraphQL, and WebSocket APIs. Outputs actionable diagnostics.

apihealth-checkmonitoringrestgraphqldiagnostics

Skill body

API Health Check

Comprehensive API endpoint diagnostics. Probes endpoints and returns a structured health report with latency, SSL, schema validation, and rate-limit detection.

Procedure

1. Probe each endpoint

For each URL in the endpoints input:

# Basic probe with timing
START=$(date +%s%N)
RESPONSE=$(curl -sS -w "\n%{http_code}\n%{time_total}\n%{ssl_verify_result}" \
  --max-time "${TIMEOUT_S:-5}" \
  -o /tmp/response_body.json \
  "$URL" 2>&1)
END=$(date +%s%N)
LATENCY_MS=$(( (END - START) / 1000000 ))

2. Check SSL certificate

echo | openssl s_client -servername "$HOST" -connect "$HOST:443" 2>/dev/null | \
  openssl x509 -noout -dates -checkend $((30*86400))

Fields to extract:

  • ssl_valid: true if cert chain is valid
  • ssl_expires_days: days until expiration
  • Flag if < 30 days (warning) or < 7 days (critical)

3. Validate response schema

If a JSON Schema is provided:

import jsonschema
jsonschema.validate(instance=response_body, schema=expected_schema)

If no schema, do basic structural checks:

  • Is the response valid JSON (for JSON APIs)?
  • Are expected top-level keys present?
  • Is the content-type header correct?

4. Detect rate limiting

Look for these signals:

  • HTTP 429 status code
  • Retry-After header
  • X-RateLimit-Remaining header approaching 0
  • Decreasing X-RateLimit-Remaining across sequential probes

5. Measure latency percentiles

For repeated probes (if configured), compute:

  • p50, p95, p99 latency
  • Jitter (stddev of latency)

6. Generate report

Output a structured report:

{
  "timestamp": "2026-06-04T01:00:00Z",
  "endpoints": [
    {
      "url": "https://api.example.com/health",
      "status": 200,
      "latency_ms": 142,
      "ssl_valid": true,
      "ssl_expires_days": 87,
      "schema_valid": true,
      "rate_limit_remaining": 4998,
      "errors": []
    }
  ],
  "summary": {
    "total": 5,
    "healthy": 4,
    "degraded": 1,
    "down": 0,
    "avg_latency_ms": 156,
    "slowest": "https://api.example.com/search"
  }
}

Classification rules

ConditionStatus
2xx + latency < 1000ms + schema validhealthy
2xx + (latency > 1000ms OR schema invalid)degraded
non-2xx OR timeout OR SSL expireddown

Pitfalls

  • Always use --max-time to avoid hanging on unresponsive endpoints
  • Handle redirects (3xx) — follow them but note the chain
  • Some APIs need auth headers; pass them via headers input if provided
  • For GraphQL, POST with {"query": "{ __typename }"} as the health probe
  • WebSocket: attempt upgrade handshake, check for 101 status
  • IPv6 endpoints may need special curl flags (-6)
Atrium — Skill marketplace for AI agents