Building Resilient APIs: Mistakes I Made and How I Overcame Them
Jan 04, 2025 pm 03:48 PM
APIs are the backbone of modern applications. When I first started building APIs with Spring Boot, I was so focused on delivering features that I overlooked one crucial aspect: resilience. I learned the hard way that an API’s ability to gracefully handle failures and adapt to different conditions is what makes it truly dependable. Let me take you through some mistakes I made along the way and how I fixed them. Hopefully, you can avoid these pitfalls in your own journey.
Mistake 1: Ignoring Timeout Configurations
What Happened: In one of my early projects, I built an API that made external calls to third-party services. I assumed those services would always respond quickly and didn’t bother setting timeouts. Everything seemed fine until traffic increased, and the third-party services started slowing down. My API would just hang indefinitely, waiting for a response.
Impact: The API’s responsiveness took a nosedive. Dependent services started failing, and users faced long delays—some even got the dreaded 500 Internal Server Error.
How I Fixed It: That’s when I realized the importance of timeout configurations. Here’s how I fixed it using Spring Boot:
@Configuration
public class RestTemplateConfig {
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) {
return builder
.setConnectTimeout(Duration.ofSeconds(5))
.setReadTimeout(Duration.ofSeconds(5))
.additionalInterceptors(new RestTemplateLoggingInterceptor())
.build();
}
// Custom interceptor to log request/response details
@RequiredArgsConstructor
public class RestTemplateLoggingInterceptor implements ClientHttpRequestInterceptor {
private static final Logger log = LoggerFactory.getLogger(RestTemplateLoggingInterceptor.class);
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
long startTime = System.currentTimeMillis();
log.info("Making request to: {}", request.getURI());
ClientHttpResponse response = execution.execute(request, body);
long duration = System.currentTimeMillis() - startTime;
log.info("Request completed in {}ms with status: {}",
duration, response.getStatusCode());
return response;
}
}
}
This configuration not only sets appropriate timeouts but also includes logging to help monitor external service performance.
Mistake 2: Not Implementing Circuit Breakers
What Happened: There was a time when a our internal service we depended on went down for several hours. My API didn’t handle the situation gracefully. Instead, it kept retrying those failing requests, adding more load to the already stressed system.
Cascading failures are one of the most challenging problems in distributed systems. When one service fails, it can create a domino effect that brings down the entire system.
Impact: The repeated retries overwhelmed the system, slowing down other parts of the application and affecting all users.
How I Fixed It: That’s when I discovered the circuit breaker pattern. Using Spring Cloud Resilience4j, I was able to break the cycle.
@Configuration
public class Resilience4jConfig {
@Bean
public CircuitBreakerConfig circuitBreakerConfig() {
return CircuitBreakerConfig.custom()
.failureRateThreshold(50)
.waitDurationInOpenState(Duration.ofSeconds(60))
.permittedNumberOfCallsInHalfOpenState(2)
.slidingWindowSize(2)
.build();
}
@Bean
public RetryConfig retryConfig() {
return RetryConfig.custom()
.maxAttempts(3)
.waitDuration(Duration.ofSeconds(2))
.build();
}
}
@Service
@Slf4j
public class ResilientService {
private final CircuitBreaker circuitBreaker;
private final RestTemplate restTemplate;
public ResilientService(CircuitBreakerRegistry registry, RestTemplate restTemplate) {
this.circuitBreaker = registry.circuitBreaker("internalService");
this.restTemplate = restTemplate;
}
@CircuitBreaker(name = "internalService", fallbackMethod = "fallbackResponse")
@Retry(name = "internalService")
public String callInternalService() {
return restTemplate.getForObject("https://internal-service.com/data", String.class);
}
public String fallbackResponse(Exception ex) {
log.warn("Circuit breaker activated, returning fallback response", ex);
return new FallbackResponse("Service temporarily unavailable",
getBackupData()).toJson();
}
private Object getBackupData() {
// Implement cache or default data strategy
return new CachedDataService().getLatestValidData();
}
}
This simple addition prevented my API from overwhelming itself, internal service or the third-party service, ensuring system stability.
Mistake 3: Weak Error Handling
What Happened: Early on, I didn’t put much thought into error handling. My API either threw generic errors (like HTTP 500 for everything) or exposed sensitive internal details in stack traces.
Impact: Users were confused about what went wrong, and the exposure of internal details created potential security risks.
How I Fixed It: I decided to centralize error handling using Spring’s @ControllerAdvice annotation. Here’s what I did:
@Configuration
public class RestTemplateConfig {
@Bean
public RestTemplate restTemplate(RestTemplateBuilder builder) {
return builder
.setConnectTimeout(Duration.ofSeconds(5))
.setReadTimeout(Duration.ofSeconds(5))
.additionalInterceptors(new RestTemplateLoggingInterceptor())
.build();
}
// Custom interceptor to log request/response details
@RequiredArgsConstructor
public class RestTemplateLoggingInterceptor implements ClientHttpRequestInterceptor {
private static final Logger log = LoggerFactory.getLogger(RestTemplateLoggingInterceptor.class);
@Override
public ClientHttpResponse intercept(HttpRequest request, byte[] body,
ClientHttpRequestExecution execution) throws IOException {
long startTime = System.currentTimeMillis();
log.info("Making request to: {}", request.getURI());
ClientHttpResponse response = execution.execute(request, body);
long duration = System.currentTimeMillis() - startTime;
log.info("Request completed in {}ms with status: {}",
duration, response.getStatusCode());
return response;
}
}
}
This made error messages clear and secure, helping both users and developers.
Mistake 4: Neglecting Rate Limiting
What Happened: One fine day, we launched a promotional campaign, and the traffic to our API skyrocketed. While this was great news for the business, some users started spamming the API with requests, starving others of resources.
Impact: Performance degraded for everyone, and we received a flood of complaints.
How I Fixed It: To handle this, I implemented rate limiting using Bucket4j with Redis. Here’s an example:
@Configuration
public class Resilience4jConfig {
@Bean
public CircuitBreakerConfig circuitBreakerConfig() {
return CircuitBreakerConfig.custom()
.failureRateThreshold(50)
.waitDurationInOpenState(Duration.ofSeconds(60))
.permittedNumberOfCallsInHalfOpenState(2)
.slidingWindowSize(2)
.build();
}
@Bean
public RetryConfig retryConfig() {
return RetryConfig.custom()
.maxAttempts(3)
.waitDuration(Duration.ofSeconds(2))
.build();
}
}
@Service
@Slf4j
public class ResilientService {
private final CircuitBreaker circuitBreaker;
private final RestTemplate restTemplate;
public ResilientService(CircuitBreakerRegistry registry, RestTemplate restTemplate) {
this.circuitBreaker = registry.circuitBreaker("internalService");
this.restTemplate = restTemplate;
}
@CircuitBreaker(name = "internalService", fallbackMethod = "fallbackResponse")
@Retry(name = "internalService")
public String callInternalService() {
return restTemplate.getForObject("https://internal-service.com/data", String.class);
}
public String fallbackResponse(Exception ex) {
log.warn("Circuit breaker activated, returning fallback response", ex);
return new FallbackResponse("Service temporarily unavailable",
getBackupData()).toJson();
}
private Object getBackupData() {
// Implement cache or default data strategy
return new CachedDataService().getLatestValidData();
}
}
This ensured fair usage and protected the API from abuse.
Mistake 5: Overlooking Observability
What Happened: Whenever something went wrong in production, it was like searching for a needle in a haystack. I didn’t have proper logging or metrics in place, so diagnosing issues took way longer than it should have.
Impact: Troubleshooting became a nightmare, delaying issue resolution and frustrating users.
How I Fixed It: I added Spring Boot Actuator for health checks and integrated Prometheus with Grafana for metrics visualization:
@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler extends ResponseEntityExceptionHandler {
@ExceptionHandler(HttpClientErrorException.class)
public ResponseEntity<ErrorResponse> handleHttpClientError(HttpClientErrorException ex,
WebRequest request) {
log.error("Client error occurred", ex);
ErrorResponse error = ErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(ex.getStatusCode().value())
.message(sanitizeErrorMessage(ex.getMessage()))
.path(((ServletWebRequest) request).getRequest().getRequestURI())
.build();
return ResponseEntity.status(ex.getStatusCode()).body(error);
}
@ExceptionHandler(Exception.class)
public ResponseEntity<ErrorResponse> handleGeneralException(Exception ex,
WebRequest request) {
log.error("Unexpected error occurred", ex);
ErrorResponse error = ErrorResponse.builder()
.timestamp(LocalDateTime.now())
.status(HttpStatus.INTERNAL_SERVER_ERROR.value())
.message("An unexpected error occurred. Please try again later.")
.path(((ServletWebRequest) request).getRequest().getRequestURI())
.build();
return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(error);
}
private String sanitizeErrorMessage(String message) {
// Remove sensitive information from error messages
return message.replaceAll("(password|secret|key)=\[.*?\]", "=[REDACTED]");
}
}
I also implemented structured logging using the ELK Stack (Elasticsearch, Logstash, Kibana). This made logs far more actionable.
Takeaways
Building resilient APIs is a journey, and mistakes are part of the process. Here are the key lessons I learned:
- Always configure timeouts for external calls.
- Use circuit breakers to prevent cascading failures.
- Centralize error handling to make it clear and secure.
- Implement rate limiting to manage traffic spikes.
These changes transformed how I approach API development. If you’ve faced similar challenges or have other tips, I’d love to hear your stories!
End Note: Remember that resilience is not a feature you add—it's a characteristic you build into your system from the ground up. Each of these components plays a crucial role in creating APIs that not only work but continue to work reliably under stress.
The above is the detailed content of Building Resilient APIs: Mistakes I Made and How I Overcame Them. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Difference between HashMap and Hashtable?
Jun 24, 2025 pm 09:41 PM
The difference between HashMap and Hashtable is mainly reflected in thread safety, null value support and performance. 1. In terms of thread safety, Hashtable is thread-safe, and its methods are mostly synchronous methods, while HashMap does not perform synchronization processing, which is not thread-safe; 2. In terms of null value support, HashMap allows one null key and multiple null values, while Hashtable does not allow null keys or values, otherwise a NullPointerException will be thrown; 3. In terms of performance, HashMap is more efficient because there is no synchronization mechanism, and Hashtable has a low locking performance for each operation. It is recommended to use ConcurrentHashMap instead.
Why do we need wrapper classes?
Jun 28, 2025 am 01:01 AM
Java uses wrapper classes because basic data types cannot directly participate in object-oriented operations, and object forms are often required in actual needs; 1. Collection classes can only store objects, such as Lists use automatic boxing to store numerical values; 2. Generics do not support basic types, and packaging classes must be used as type parameters; 3. Packaging classes can represent null values ??to distinguish unset or missing data; 4. Packaging classes provide practical methods such as string conversion to facilitate data parsing and processing, so in scenarios where these characteristics are needed, packaging classes are indispensable.
What are static methods in interfaces?
Jun 24, 2025 pm 10:57 PM
StaticmethodsininterfaceswereintroducedinJava8toallowutilityfunctionswithintheinterfaceitself.BeforeJava8,suchfunctionsrequiredseparatehelperclasses,leadingtodisorganizedcode.Now,staticmethodsprovidethreekeybenefits:1)theyenableutilitymethodsdirectly
How does JIT compiler optimize code?
Jun 24, 2025 pm 10:45 PM
The JIT compiler optimizes code through four methods: method inline, hot spot detection and compilation, type speculation and devirtualization, and redundant operation elimination. 1. Method inline reduces call overhead and inserts frequently called small methods directly into the call; 2. Hot spot detection and high-frequency code execution and centrally optimize it to save resources; 3. Type speculation collects runtime type information to achieve devirtualization calls, improving efficiency; 4. Redundant operations eliminate useless calculations and inspections based on operational data deletion, enhancing performance.
What is an instance initializer block?
Jun 25, 2025 pm 12:21 PM
Instance initialization blocks are used in Java to run initialization logic when creating objects, which are executed before the constructor. It is suitable for scenarios where multiple constructors share initialization code, complex field initialization, or anonymous class initialization scenarios. Unlike static initialization blocks, it is executed every time it is instantiated, while static initialization blocks only run once when the class is loaded.
What is the Factory pattern?
Jun 24, 2025 pm 11:29 PM
Factory mode is used to encapsulate object creation logic, making the code more flexible, easy to maintain, and loosely coupled. The core answer is: by centrally managing object creation logic, hiding implementation details, and supporting the creation of multiple related objects. The specific description is as follows: the factory mode handes object creation to a special factory class or method for processing, avoiding the use of newClass() directly; it is suitable for scenarios where multiple types of related objects are created, creation logic may change, and implementation details need to be hidden; for example, in the payment processor, Stripe, PayPal and other instances are created through factories; its implementation includes the object returned by the factory class based on input parameters, and all objects realize a common interface; common variants include simple factories, factory methods and abstract factories, which are suitable for different complexities.
What is the `final` keyword for variables?
Jun 24, 2025 pm 07:29 PM
InJava,thefinalkeywordpreventsavariable’svaluefrombeingchangedafterassignment,butitsbehaviordiffersforprimitivesandobjectreferences.Forprimitivevariables,finalmakesthevalueconstant,asinfinalintMAX_SPEED=100;wherereassignmentcausesanerror.Forobjectref
What is type casting?
Jun 24, 2025 pm 11:09 PM
There are two types of conversion: implicit and explicit. 1. Implicit conversion occurs automatically, such as converting int to double; 2. Explicit conversion requires manual operation, such as using (int)myDouble. A case where type conversion is required includes processing user input, mathematical operations, or passing different types of values ??between functions. Issues that need to be noted are: turning floating-point numbers into integers will truncate the fractional part, turning large types into small types may lead to data loss, and some languages ??do not allow direct conversion of specific types. A proper understanding of language conversion rules helps avoid errors.
