SAM API Monitoring - Where do I start?

There is a lot of ways you can go with this, and I don't know your environment or monitoring setup.

If these are local servers, the first step  is to make sure the infrastructure is monitored, including the servers.

Then you move the SAM Application monitors, including the Appinsight for IIS (if you are using IIS).  Even without IIS, you might want SAM HTTPS monitors for the cluster (the load balancer), and one on each of the servers individually.

Then you move into the API Poller monitors, where you need to pass information to the API and see if you get the expected results.

Maybe this is too high level, and you need more specific information about the API polling, but a lot of that is specific to what you are polling, and you should probably just jump right in and then when you hit a snag ask a question and give us an example of what you are trying to do.

This is quite a vague question because we don't know what setups you have for authorisation in the API call, or what you're looking at monitoring. I use APIs for Azure polling and this might be different to what your aim is. I'll say one thing though, the biggest pain and the most poorly documented is OAUTH2 authorisation setups. Here, the free Postman app is your friend.

My issue is I do not understand what an API does/information/etc and we have various APIs here but I do not know where to start.  I found this and started working on DPA API since it looks like there is some good documents around the DPA API - https://documentation.solarwinds.com/en_vers/success_center/dpa/2024-2/content/dpa-use-swagger-interface.htm?cshid=useAPI

Once I figure out what/how I am sure this will all fall into place. 

The poor documentation on the how to setup the authentication part is what is tripping me up.  I am trying to figure out how API monitoring works and the data you get out of it.  Right now I do not have a specific question I am just trying to figure out the best way to get my head wrapped around APIs.  DPA has some good docs on how to access and setup API access to DPA.  I was working with that last week for a start to figure things out.  I ran into an issue because I setup access token but DPA did not like it. 

The thing that tripped me up back in the beginning was that for OAUTH2 you need the tenant (directory) ID to get an access token. It also requires which backend process you're using for the data, eg a plain Microsoft login for a service endpoint or a Microsoft Graph. 90% of ours are plain logins against the endpoint we create in various customer tenants.

In the auth settings in the GUI:

The client ID and secret (secret value NOT secret ID) come from EntraID when you create a read only endpoint for API access, basically an authentication method.
The scope is what I mentioned above - in our case it's just a login, but you can also use graph.azure.com and others. A good place to test graph logins and things is the Microsoft Graph Explorer - Graph Explorer | Try Microsoft Graph APIs - Microsoft Graph.

Postman - Download Postman | Get Started for Free - is a free download which lets you try different things with the aim of getting the URL request headers correct in terms of access tokens - each query you create has an 'authentication' tab which lets you fill in the same details as the Solarwinds credential editor and hit the 'get token' button to see if you were successful. It adds the 'bearer' header which contains the token if you were.

Once you've cracked the authentication issue with Postman's help, you can use that credential against any of the baked-in API pollers. If you get a good query after hitting 'send' in the poller config you'll get a request status of 200 and the data picker will let you pick values to monitor. That part isn't very intuitive, but IIRC the docs for that are OK.

I'm sans solarwinds for a few days but this is the sort of thing i do a lot, if you're still struggling later in the week/early next week we could have a chat if you like

Thank you!  I will definitely let you know how it goes. 

Thank you!!!

To start with API monitoring in SAM/Orion, begin by using the HTTP Custom Monitor template, which allows you to monitor your API endpoints by checking things like status codes and response times. You can create a new application monitor in SAM by selecting the REST API Monitor template, where you’ll enter the API’s URL and configure any necessary authentication. As you set it up, make sure to define thresholds for response times or error rates to receive alerts when things go wrong. If you're also interested in mobile apps like Nulls Brawl APK, monitoring APIs related to app performance can be a useful addition. Since you’re on Orion 2024.1 and planning to upgrade to 2024.2.1, check SolarWinds documentation for any updates or features that might be relevant. Once you’re comfortable with the basics, you can start monitoring your custom APIs and adjust the configuration as needed.

I've had mixed results with the rest calls from SolarWinds.  I normally struggle with the credential set, and that passing to the application in a way that our application works.  I couldn't tell you if its our application, SolarWinds, or a combo of both.

I've had better success utilizing a powershell monitor and utilizing either Invoke-RestMethod or Invoke-WebRequest.