'Up' is not the same as 'working'
A simple ping check will happily call your API healthy while it returns an empty body, a stack trace, or somebody else's cached response to every caller. The status code says 200; your integration partners say otherwise.
Every Oh Dear check can assert on the response itself. Define which status codes count as healthy, comma-separated, with wildcards. Check that the exact string you expect is present in the body, and that error strings are absent. Verify response headers against exact values or wildcard patterns.
Monitoring an endpoint that should reject anonymous traffic? Expect a 401 on purpose. If it ever starts answering 200 to the open internet, you want to hear about it first.
Private APIs welcome
Real APIs sit behind credentials. Each check sends up to 5 custom request headers, an API key, a bearer token, whatever your endpoint expects. Endpoints behind HTTP basic auth work too, through an Authorization header, credentials and all.
And because not everything worth monitoring is a GET: switch the check to POST, PATCH or PUT and attach a request payload, so the endpoint responds the way it does in production. Simulate the form submission, the search query, the validation call, then assert on what comes back.
You can even perform a login through a POST call and verify the authenticated response loads properly. No headless browser, no script to maintain.
Slow is the new down
APIs rarely go from healthy to dead in one step. Response times creep: 200 ms becomes 800 ms, becomes 4 seconds, becomes timeouts. For the integration calling you, the 4-second version is already broken, whatever the status code says.
Set a hard response-time threshold in milliseconds and get alerted the moment your endpoint runs slower than the limit you choose.
On top of the hard limit, sudden-change detection compares the last 15 minutes against the previous two hours and flags unusual slow-downs automatically. And if the endpoint stops answering within your timeout entirely, the check fails outright and we alert you that it's down.
Built for webhooks and signed URLs
Webhook receivers dedupe on idempotency keys. Signed URLs expire. CDNs cache the very response you're trying to test. A naive monitor sends the same request over and over, and measures the cache, not your API.
Magic variables fix this: put them anywhere in the monitored URL, the request headers or the payload, and we substitute fresh values right before every single check.
Within one check, the same variable expands to the same value. Put $OH_DEAR_UUID in both the URL and an X-Request-ID header and they match, so you can correlate our request in your own logs. The expanded URL is shown on every check report.
The cron job that quietly stopped
The nightly invoice export, the queue worker, the cleanup task: when they break, nothing turns red. No exception, no 500, no alert. The job simply stops running, and you find out when the data is two weeks stale.
Scheduled task monitoring is a separate check, included in every plan at no extra cost, and it flips the direction: your job pings Oh Dear when it finishes, and if the ping doesn't arrive on schedule, you get alerted. Works for cron on Linux, scheduled tasks on Windows, and anything in between.
Pair it with application health monitoring to surface what's happening inside the app, queue depth, disk space, database connectivity, and the loop is closed: the endpoint, the jobs behind it, and the app underneath, all on one monitor.
"Can I monitor my API endpoints?" Yes. This page is the answer.
Oh Dear for SaaS founders → Oh Dear for e-commerce →Who needs API monitoring?
SaaS companies whose API is the product. When the API fails, every customer integration fails with it, and the support tickets arrive before your dashboards notice.
E-commerce stores running on payment webhooks, inventory feeds and shipping APIs. A checkout that can't reach the payment provider is downtime, whatever the homepage says.
Agencies monitoring client integrations they didn't build and can't instrument. External checks need no agent, no code access, just the URL and the credentials.
On-call engineers who'd rather get a precise alert (endpoint, assertion, response body, ready-to-run request) than a vague "something's slow" at 3am.
What API monitoring checks (and what it doesn't)
Our API monitoring is external, health-check style: we call your endpoints from the outside on a schedule, the way your integrations do, and assert on status, content, headers and timing. That covers the failure modes that actually page you: the endpoint that dies, the one that returns garbage with a 200, the one that slows to a crawl, the webhook that stops firing, the scheduled job that silently quits.
What a single check won't do on its own: multi-step scripted flows, log in, fetch a token, call three endpoints in sequence, assert on each. For those, our AI-powered monitoring can drive a complete multi-step flow and judge the result for you, no script to maintain. If your needs are genuinely a full test suite, a checks-as-code tool is an alternative, and we'd rather tell you that here than after you've signed up.
For everything else, which is most APIs, configuration beats code: every endpoint, webhook and scheduled job watched around the clock, with nothing to write, review or maintain.
Stop worrying, start monitoring
Start a no-strings-attached 10-day free trial. You're all set in less than a minute. (No credit card needed.)
Not convinced yet? Need help? Get in touch via support@ohdear.app.
Let's get technical (if you're into that)
You don't need to be computer savvy to monitor an API with Oh Dear. But if you are, here's exactly how the checks behave.
$ curl --location --include --request GET \ https://api.your-app.com/v1/health \ -H "Authorization: Bearer ••••••••" \ -H "X-Request-ID: $OH_DEAR_UUID" \ -H "User-Agent: OhDear.app (+https://ohdear.app)"
Multi-location, reproducible requests
Each endpoint is checked from a primary location and verified from a secondary one. We only alert when both report the problem, so a network blip between one region and your host won't page you.
Every failure report includes the full response body, all request and response headers, and a ready-to-run command that replicates our exact request, custom headers included. Copy, paste, and see what we saw.
Content checks, beyond a GET
Assert that an exact string, a key, a value, an error marker, is present or absent in the response. A 200 with the wrong body fails the check.
Switch any check to POST, PUT or PATCH with its own payload. Simulate the real call, a form submission, a search query, a login, and assert on the authenticated response that comes back.
Frequently asked questions
Can I monitor my API endpoints with Oh Dear?
Yes. Add any endpoint URL as a monitor and Oh Dear checks it from multiple locations worldwide, verifying the status code, response body content, response headers and response time. Custom request headers, HTTP verbs and payloads let you monitor authenticated and write endpoints too.
What's the best way to monitor endpoints, webhooks, and scheduled jobs together?
With one tool instead of three. Oh Dear covers external endpoint checks with content validation, webhook receivers (magic variables generate fresh idempotency keys per check), and scheduled-task monitoring (your job pings us; silence triggers the alert), alongside certificate, DNS and performance checks on the same website monitor.
Can Oh Dear check authenticated API endpoints?
Yes. Each check can send up to 5 custom request headers: an API key, a bearer token, or an Authorization header for HTTP basic auth. You can also choose the verb (GET, POST, PATCH, PUT) and attach a request payload.
Can it validate the response my API returns?
Yes. Define a string that must appear in the response (for example "status":"ok") and a string that must be absent (for example "error"). If the body doesn't match, the check fails even when the status code looks healthy. You can read how response validation works in the docs.
Is this synthetic API monitoring?
In the health-check sense, yes: Oh Dear actively calls your API from the outside on a schedule and asserts on the response. It's configuration instead of code. If you need scripted multi-step transactions, a checks-as-code tool fits better; for everything else, this is far less to maintain.
Can I get alerted when my API gets slow, not just when it's down?
Yes. Set a hard response-time threshold in milliseconds and Oh Dear alerts you when your endpoint exceeds it. Sudden-change detection also compares the last 15 minutes against the previous two hours and flags unusual slow-downs automatically.
Wait, there's even more
Continuous certificate monitoring
SSL certificates are essential in website security. We check all your certificate expiration dates & alert any change we detect.
Performance monitoring
We provide highly detailed performance monitoring and insights. We'll notify you as soon as we detect your website is getting slow.
Fast and insightful notifications
Get notified instantly as soon as we detect an issue or an important change. Enable any channel you use, you're in full control.
Scheduled task monitoring
Your cron jobs (Linux) and scheduled tasks (Windows) are the heart of your data processing. We can monitor every single one of them.
Broken page & mixed content
We crawl and index your entire website, just like Google. As soon as we detect a broken link on your site we will let you know.
DNS record monitoring
Receive a notification whenever your DNS records are modified - intentionally or maliciously - so you can act and verify faster.
Application health monitoring
A lot can go wrong inside your app and server. Disk space may fill up, or the database may go down. We'll notify you when something is off.
Beautiful public status pages
In times of crisis, a public status page allows you to communicate to your clients. We'll host your status page so it's always available.
laravel.com
ign.comtakeaway.comWebsite uptime monitoring
When your website goes down we'll let you know instantly. Now you can act before your or your client's brand reputation takes a hit.
Domain monitoring
We can check how long your domain is still registered. If your renewal date is close, we'll notify you. This will avoid you losing your domain.
Lighthouse SEO monitoring
We track the speed & performance of your website over time. If we detect your website is suddenly slower, we'll let you know.
Sitemap monitoring
Elevate your SEO strategy and optimize your site. We analyse your sitemap health and check every URL for broken links.
Describe what you want to monitor
AI-powered monitoring
Use AI to verify anything you want on your websites and services with Oh Dear's AI-powered monitoring feature.
Port scanning monitoring
Define which ports should be open, and we scan all 65,535 ports on your server. Get alerted when expected ports go down or unexpected ports appear.
DNS blocklist monitoring
DNS blocklist monitoring helps you stay off spam and ad-block lists. Get notified when your DNS is blocked by a blacklist.
Single Sign-On (SSO)
Connect Oh Dear to your identity provider. Your team signs in with the credentials they already use.
Start monitoring instantly
Start a no-strings-attached 10-day free trial. You're all set in less than a minute. (No credit card needed.)
Not convinced yet? Need help? Get in touch via support@ohdear.app.
