Ideas for Apica Synthetic Monitoring

Got an idea? Share it here and we'll have a look at it.

Create Checksum of a HTTP Response and flag if contents changed.

Probably more one for the URLv2 monitor type but...

I have had nightmares in the past with vendors changing specs in ways that make their API not backward compatible, and having 'apps' or otherwise other code out there in the wild which is now unable to consume this API.


How I handled this previously was to write a script to consume the HTML of the SOAP WSDL response, and create a checksum (md5/sha1 etc) of the response. This fingerprint was then used to determine if anything about the service changed, since changing a spec changes the wsdl which changes the fingerprint. This was more robust than regex string matching when dealing with so much content and needing to track any change at all.


Ideally I would like to Setup a URLv2 check and in the check setup have it create a checksum of the page. Then if the check runs and produces a different checksum of the page contents - a fatal alert is raised.


Would be interested to hear your thoughts on this or thoughts around any particular methodologies or techniques where you think Apica can help with Native Smartphone App monitoring. We haven't really touched on this so far in the relationship.

  • Guest
  • Sep 22 2014
  • Already exists
  • Attach files
  • Admin
    Erik Torlen commented
    October 26, 2014 17:05

    Hi Richard,

    This can be achieved by using the Content Pattern matching functionality inside of the Urlv2 checks. You select what string to match against, either literal or regex, and everytime the response is received this verification is done against the content.

    What I don't see as a benefit of using a hash would be that if any dynamic data changes in the response content it would break the check result. 
    Not sure if you mean hashing the response content, or just something else?

    Regarding native app monitoring I would suggest ProxySniffer to make a user scenario recording for native apps. I would guess that by this time you would have spoked to Elis about it, if not we'll discuss it in Manchester this week.

    /E

  • Guest commented
    October 27, 2014 08:19

    Hi Erik,

    It’s no problem if you don’t want to take this forward. It is an approach I used previously with some success. If you’re publishing a SOAP API then you expose the WSDL. We found it useful to monitor the WSDL for any changes, since any unpublished changes to the spec by naughty vendors would likely impact the app.

    I think it is still an interesting option for other use-cases such as static sites that you want to monitor in as a robust way as possible i.e. for defacement. I’ve seen too many sites defaced and magically the footer that you’re looking for in any check string is still there! ☺

    We could have a chat tomorrow on this anyway.

    Richard

  • Gravatar