Monitoring and Scanning System for APIs

Abstract

This article presents a comprehensive system for monitoring and scanning APIs, enabling developers, administrators, and IT professionals to oversee performance, availability, and security in real time. The platform integrates ASP.NET microservices, C++ modules for security-critical operations, and a Node.js Backend-for-Frontend built with Express.js and TypeScript, layered with an Angular interface to combine scalability with usability. Security is reinforced through hardware and operating system adaptive Argon2id password hashing, offline verification against a Have I Been Pwned binary dataset, and claims-based access control. The scanning subsystem evaluates TLS certificate validity, framework fingerprinting, header compliance, and open ports, while the monitoring layer collects response times, error rates, and system load. Deployment in Kubernetes with Istio ingress and ArgoCD pipelines provides resilience and automation, while Argo Workflows orchestrate unit and integration testing. By unifying monitoring, scanning, and adaptive protection, the system delivers a reliable and technically robust approach for maintaining secure API infrastructures in modern digital environments.