Show IH: CheckAPI โ API monitoring that catches silent failures, not just HTTP 200
Hey IH ๐
I'm Sewon, a solo developer from Seoul. I just launched CheckAPI โ an API monitoring
tool with a specific focus on silent failures.
The problem I kept running into
Standard monitors check HTTP status codes. But what about this scenario:
- Your API returns 200 OK โ
- But the response body is empty, malformed, or contains {"error": "db_connection_failed"} โ
Your monitor says everything is fine. Your users are experiencing a broken product.
This is a silent failure โ and it's more common than you'd think.
What CheckAPI does differently
Response body validation with three modes:
- Keyword โ must be present ("status":"ok") or absent ("error")
- Regex โ pattern matching for structured responses
- JSON Path โ coming soon
Plus the usual stuff: 5 alert channels (Email, Slack, Telegram, Discord, Webhook),
public status pages, SSL expiry alerts, response time tracking.
Why I built this (beyond the technical reason)
UptimeRobot restricted commercial use on free plans in December 2024. A lot of indie
hackers got caught off guard. CheckAPI's free plan (10 monitors) has zero commercial
restrictions โ forever.
##Stack
Open source (MIT): github.com/JEONSEWON/CheckAPI
##Pricing
Free โ $5 โ $15 โ $49/mo
Live at: checkapi.io
Would love feedback from this community โ especially around what monitoring features
you actually use vs. what sounds good on paper.
200 = healthy ๊ทธ์น. Cloudflare billing API๋ ๊ณ์ ์ด ๋ง์ด ๊ฐ๋ 200 OK๋ก ์๋ตํ๋๋ผ๊ณ . 9์๊ฐ ๋์ locked out ๋ ํ์ ์๊ฒ ๋์
๊ทผ๋ฐ false positive๋ ์ด๋ป๊ฒ ์ฒ๋ฆฌํ๋์? semantic check๋ ์ข๊ธด ํ๋ฐ, ์ง์ง schema change ํฐ์ง๋ฉด ์๋ฒฝ 3์์ ๋ค๋ค ํ์ด์ง ๋ ์์ค๋ ๊ฑฐ ์๋๊ฐ
์ ๊ธด ๊ณ์ ์์ Cloudflare ๋น๋ง์ด 200 ๋ฐํํ๋ ๊ฑฐ โ
๊ทธ๊ฒ ๋ฑ ๋ณด์ด์ง ์๋ค๊ฐ ๊ฐ์๊ธฐ ๋ณด์ด๋ ์ฅ์ ํจํด์ด์์.
9์๊ฐ์ ์๊ฒ ๋๊ธฐ๊น์ง ๊ธด ์๊ฐ์ด์ฃ .
False positive์ ๋ํด์ โ ํ๋นํ ์ฐ๋ ค์์, ์ฒ๋ฆฌ ๋ฐฉ์์ ์ด๋ ์ต๋๋ค:
์ฐ์ ์คํจ ์๊ณ๊ฐ
๋จ์ผ ์คํจ ์ฒดํฌ๋ ์๋ฆผ์ ๋ฐ์์ํค์ง ์์์.
์ฌ๋ฌ ์ฒดํฌ์ ๊ฑธ์ณ ์ง์์ ์ธ ์คํจ๋ง ์๋ฆผ์ ํธ๋ฆฌ๊ฑฐํด์.
์ผํ์ฑ ์คํค๋ง ํ์ปต์ผ๋ก ์๋ฒฝ 3์์ ์๋ฌด๋ ์ ๊นจ์ด๋์.
์ํ ๋ณํ๋ง
์๋ฆผ์ ์ํ ์ ํ ์์๋ง ๋ฐ์ํด์ โ ์ ์ โ ๋ค์ด, ๋ค์ด โ ์ ์.
๋งค๋ฒ ์คํจํ ์ฒดํฌ๋ง๋ค๊ฐ ์๋์์. ๊ทธ๋์ ํ๋ณต๋๋ ๋ถ์์ ํ ์๋ต์ด
ํฐ์ ์คํธํ์ง ์์์.
Maintenance Window
๊ณํ๋ ๋ฐฐํฌ, ์คํค๋ง ๋ง์ด๊ทธ๋ ์ด์ , ์๋์ ์ธ ๋ณ๊ฒฝ โ
ํน์ ์๋์ฐ ๋์ ๋ชจ๋ํฐ๋ง์ ๋ฎคํธํ ์ ์์ด์
์์๋ ๋ณ๊ฒฝ์ด ์๋ฆผ์ ํธ๋ฆฌ๊ฑฐํ์ง ์์์.
์์งํ ๋ต๋ณ์: assertion์ ์ ๋ฐ์ดํธํ์ง ์๊ณ ์คํค๋ง๋ฅผ ๋ฐ๊พธ๋ฉด
ํ์ด์ง ๋ ์์์. ๊ทผ๋ฐ ๊ทธ๊ฑด ๋ฒ๊ทธ๊ฐ ์๋๋ผ ๊ธฐ๋ฅ์ด์์ โ
assertion์ API์์ ๊ณ์ฝ์ด์์.
์คํค๋ง ๋ณ๊ฒฝ = ๊ณ์ฝ ํ๊ธฐ = ๋๊ตฐ๊ฐ ์์์ผ ํจ.
ํด๊ฒฐ์ฑ ์ ๋ฐฐํฌ ํ๊ฐ ์๋๋ผ ๋ฐฐํฌ ์ ์ assertion์ ์ ๋ฐ์ดํธํ๋ ๊ฑฐ์์.
์ ๋ ๋น์ทํ ํจํด์ธ๋ฐ์. ํ๋ฒ ํ๋ค๋ ธ์ ๋ ์๋ฒฝ ์๋ฆผ ๋ณด๋ด๋ฉด ๊นจ์ง๋ ๊ฒ ๋๋ฌด ๋นจ๋ผ์์
assertion๊ฐ ๊ณ์ฝ์ด๋ผ๋ ๋ง๋ ๋ง์ฃ . ์๋์ ์ผ๋ก ๊นจ์ง๊ฒ ํ๋ ๊ฒ ๋์ํ๋ฆฐ ๊ฐ์ ํ๋ ๋ฉ์ปค๋์ฆ์ด๊ณ
partial failure๋ ์ด๋ป๊ฒ ์ฒ๋ฆฌํ์ธ์? 200 OK์ธ๋ฐ ํ์ ํ๋ ์ผ๋ถ ๋๋ฝ๋ ์ผ์ด์ค assertion ์๊ฑฐ๋ ํ๋๊ฐ ๊ทธ๋ฅ ํต๊ณผ๋๋ฉด ์ง์ง ์ต์ ์ด๋ผ์์
"์๋์ ์ผ๋ก ๊นจ์ง๊ฒ ํ๋ ๊ฒ ๋์ํ๋ฆฐ ๊ฐ์ ํ๋ ๋ฉ์ปค๋์ฆ" โ
์ ํํด์. Assertion์ ๊ทธ๋ฅ ์ฒดํฌ๊ฐ ์๋๋ผ ์ฝ์์ด์์.
Partial failure์ ๋ํด์ โ ์ฌ๊ธฐ์ JSONPath assertion์ด
ํค์๋ ์ฒดํฌ๋ณด๋ค ํจ์ฌ ์ ์ฉํด์ ธ์.
ํค์๋: "data" ์กด์ฌ โ data๊ฐ null์ด๊ฑฐ๋ ๋ถ์์ ํด๋ ํต๊ณผ
JSONPath: $.data.userId is not null AND $.data.token is not null โ
partial failure๋ฅผ ์ ํํ๊ฒ ์ก์์
์๋ฅผ ๋ค์ด ๋ก๊ทธ์ธ ์๋ํฌ์ธํธ:
$.status equals "ok"
AND $.data.userId is not null
AND $.data.token is not null
AND $.data.expiresAt is not null
์ธ ํ๋ ๋ชจ๋ ์กด์ฌํ๊ณ non-null์ด์ด์ผ ํด์.
ํ๋๋ผ๋ ๋๋ฝ = assertion ์คํจ = ์๋ฆผ ๋ฐ์.
HTTP ์ํ๊ฐ 200์ด๋ผ๋์.
์์งํ ํ๊ณ:
์ ๊ฒฝ ์ฐ๋ ๋ชจ๋ ํ๋๋ฅผ ๋ช ์์ ์ผ๋ก assertionํด์ผ ํด์.
assertion ์ ๊ฑด ํ๋๋ ์กฐ์ฉํ ํต๊ณผ๋ผ์.
๊ทธ๊ฒ ๋ฐ๋ก ๋์ํ๋ฆฐ ๋ถ๋ถ์ด์์ โ
assertion์ ๋น์ ์ด ์ฒดํฌํ ๊ฑธ ์๊ฐํ ๊ฒ๋งํผ๋ง ์ข์์.
Hey @JEONSEWON, left a comment on your CheckAPI Show IH post yesterday โ
really liked the "200 doesn't mean healthy" angle, that's exactly the kind
of silent failure that burns indie devs.
I'm building in the adjacent lane: StatusPageBuddy, a free status page for
indie SaaS (statuspagebuddy.com). Where CheckAPI catches the issue, SPB is
how you tell your users about it.
Not pitching anything โ just wanted to say hi, since we're clearly shipping
to the same people. If you ever want to compare notes on indie SaaS
distribution, I'm around.
Hey! Really appreciate you reaching out.
"Where CheckAPI catches the issue, SPB is how you tell your users about it" โ
that's a clean way to put it. Genuinely complementary products.
CheckAPI actually has a built-in Public Status Page too, but the focus is
different โ ours is tied directly to monitor results,
yours sounds more polished for user-facing communication.
Would love to compare notes on distribution.
Indie SaaS targeting devs is a tough audience to reach before something breaks.
Let's connect!
Glad it landed!
Re built-in status page, totally fair, lots of monitoring tools bundle one. The split I keep coming back to: who buys for "I want to detect" vs who buys for "I want to communicate". Sometimes same person, often not. Curious how you've seen that buyer split for CheckAPI.
On distribution, I'm two weeks in and hitting the same wall you described. The only channel that's actually worked so far is replying to GitHub issues where someone literally types "how do I set up a status page" meeting them at the moment of need. Cold outreach to indie devs before they have a problem is brutal.
Let's take it to email, easier than IH threads for back-and-forth. Mine is [email protected]. Drop yours and I'll kick off a thread.
Either way, glad we're shipping to the same people.
โ Hao
โCatching silent failures beyond the status 200 is criticalโso many dev teams miss broken logic because the server is technically 'up.'Nice idea, this could be a good way to test it. Thereโs a competition where you can submit it โ entry is $19 and winner gets a Tokyo trip.Prize pool just opened at $0 so your odds are the best right now.โ
Catching semantic failures is the part most API monitors skip, and it's usually where the painful bugs hide. The hard part is letting people express "200 but wrong payload, empty result, stale data" without turning setup into a test framework. Curious how CheckAPI handles assertions and false positives, that's where these tools usually win or lose.
Great question โ you nailed the exact pain point most tools miss.
Right now, CheckAPI handles semantic failures through Keyword + Regex validation on the response body.
You define what โgoodโ or โbadโ looks like directly in the monitor settings (e.g.
"status":"ok",userIdexists,count > 0, or any regex pattern).Itโs deliberately simple so it doesnโt turn into a full test framework. Youโre not writing assertions in code โ just telling us what string or pattern should (or should not) be present.
On false positives: because itโs keyword/regex based and you control the exact pattern, false positives are actually quite low once set up correctly. We also give you a โtest alertโ button so you can verify before going live.
JSON Path + more structured assertions are already on the near-term roadmap (we know many people want to check nested fields, array lengths, etc. without regex).
Would love to hear your take โ what kind of semantic checks have bitten you the most in the past? (empty arrays, wrong status inside 200, stale timestamps, etc.)
Happy to show you exactly how it works if you want.
This is a really interesting angle โ those โeverything looks fine but itโs notโ failures are the worst to catch.
Curious if most people come to this after something breaks, or if youโre seeing teams actually monitor this proactively?
Thanks for the thoughtful comment!
Right now, the vast majority of people (including our first 7 users) come to CheckAPI after theyโve already been burned by a silent failure.
They usually say something like:
โI thought everything was fine because I was getting 200 OKโฆ until customers started complaining.โ
That pain is exactly why I built this.
The goal is to help teams shift from reactive firefighting to proactive monitoring โ catching the hidden errors before they reach users.
Weโre still very early, but thatโs the direction weโre heading.
Would love to hear your take โ have you ever had a silent failure sneak past your current monitoring?
Yeah, Iโve seen this a couple of times โ especially where everything looks green on dashboards but something subtle breaks in the response.
The tricky part is teams donโt even think to monitor this until it hurts.
Feels like the real challenge is not just detection, but getting people to care about it before something breaks.
Exactly โ "it hurts first, then they care" is basically the adoption curve for this whole category.
The dashboard looks green, the monitor says up, and nobody questions it until a user
emails saying their data is wrong or their order didn't go through.
That's actually why I built the free plan the way I did โ lower the barrier so people
set it up before the incident, not after. But you're right that the harder problem is
changing the mental model entirely.
Most devs think "monitoring = is it up?"
The shift to "monitoring = is it actually working?" takes a wake-up call.
Congrats on the launch, Sewon.
Silent failures are a nightmare for developers, so catching what's actually inside the response body is a great focus.
I am also building something that solves a "silent" frustration for parents called WordyKid.
It is a tool that lets parents snap a photo of any physical worksheet or book and instantly turns it into a language game.
It is all about making sure the learning actually happens instead of just "completing" the task.
Good luck with the growth!
๐
Thank you! Really appreciate it.
"Completing the task" vs "actually learning" โ that's exactly the same problem
I'm solving on the API side. The surface looks fine, but nothing real is happening underneath.
WordyKid sounds genuinely useful. Snapping a worksheet and turning it into a game
is the kind of thing parents will love. Good luck with it! ๐