About

This API Fortress customer is a large integrated healthcare organization in the United States with multiple health systems operating under their umbrella. The parent organization manages a large portfolio of apps, APIs, and web services for subsidiary business units.

Evolving QA for FHIR® and APIs

This large healthcare customer requested anonymity due to the sensitive nature of the high volume of PHI (Private Health Information) and financial transaction data that they handle for their physicians, hospitals, and patients.

As with other healthcare companies, this customer’s IT department was overseeing a couple of significant and potentially risky migrations:

1) moving from on-premises datacenters to self-hosted public clouds
2) migrating from the CDA API protocol to FHIR®

Both migrations involve a sharp rise in the usage of database-connected REST APIs to accelerate the development of new features, tools, and applications. In an effort to accelerate their goals with these migrations, the healthcare customer supplemented their agile development processes with a CI/CD pipeline.

While development velocity did increase, so did the number of API errors that were not caught before going to production. Even worse, some bugs were only caught after going live. Any functional API errors may not only be devastating for the company and its customers – but also for the DevSecOps team as in the case of a recent Twitter API error that exposed the private data of 17 million accounts.

The healthcare company searched for multiple solutions to solve their three biggest needs:

Replace their unreliable API tests and monitors
Deploy proper automated API testing, and increase regression testing without decreasing go to market times
Detailed monitoring of these critical APIs for internal and external SLAs

With API Fortress, the healthcare company realized that only one platform could solve all of their biggest needs.

“When we switched to ‘functional uptime monitoring’ with API Fortress for our internal APIs, it transformed our ability to maintain internal and partner SLA guarantees. It’s mission-critical that our data-driven apps and APIs never go down or fail to perform at the highest levels. API Fortress has been vital in helping us to streamline our CI/CD pipeline with shift-left testing, and then leverage those functional tests as proper uptime monitors.”

Solution

The healthcare company did not know what they did not know. When they started a free trial of API Fortress, it did not take long to realize how many false-negatives that their traditional contract tests and ping/uptime monitors had been giving them.

“With API Fortress,” the Chief Architect at the Healthcare Company remarked, “Our Kibana dashboards suddenly lit up with detailed information related to functional API errors. We realized that the so-called synthetic monitoring that we’d been doing with our other APMs were simply not up to par, especially in our Jenkins CI/CD pipeline.”

With proper API testing automation, the healthcare company was able to discover functional errors early in the lifecycle thanks to data-driven regression testing. By going forward with data-driven functional testing, and then using those same tests as functional uptime monitors, they were able to unify all information for API quality on one centralized platform, while keeping notifications and test data in their existing platforms. The healthcare company’s technical, cybersecurity, and business leaders gained much needed confidence in their ability to uphold SLA guarantees during a fast transformation.