HTTP Monitoring

Overview

HTTP monitoring in UptimeHunt provides comprehensive website and API endpoint monitoring capabilities. This guide covers configuration, authentication, advanced features, and best practices for HTTP/HTTPS monitoring.

Basic Configuration

Required Parameters

Service Name

Descriptive identifier for the monitoring service

Example: "Production API Health Check"

URL

Complete endpoint URL including protocol

Format: https://example.com/path

Supports both HTTP and HTTPS

Maximum length: 4096 characters

HTTP Method

Request method to use for checks

Options: GET, POST, HEAD

Default: GET

Optional Parameters

Project

Project assignment for organization

Enabled

Toggle to activate/deactivate monitoring

Check Interval

Monitoring frequency in minutes (1-60)

Default: 3 minutes

HTTP Methods

GET

Standard method for retrieving resources.

Use Cases:

• Website homepage monitoring
• API endpoint availability
• Health check endpoints
• Status pages

Configuration:

• No request body required
• Can include custom headers
• Supports authentication

POST

Method for sending data to endpoints.

Use Cases:

• API endpoint testing with data
• Login endpoint validation
• Form submission monitoring
• Data processing endpoints

Configuration:

• Requires request body data
• Supports JSON, XML, form data
• Can include custom headers
• Supports authentication

HEAD

Lightweight method requesting only headers.

Use Cases:

• Quick availability checks
• Metadata verification
• Reduced bandwidth monitoring
• Response header validation

Configuration:

• No response body retrieved
• Faster than GET
• Limited validation options

Authentication

UptimeHunt supports multiple authentication methods for protected endpoints.

No Authentication

Default setting for public endpoints.

Configuration:

• Select "None" from authentication dropdown
• No additional parameters required

Use When:

• Monitoring public websites
• Accessing open APIs
• Checking unauthenticated endpoints

Basic Authentication

HTTP Basic Authentication using username and password.

Configuration:

1. Select "Basic" from authentication dropdown
2. Enter Username
3. Enter Password

Technical Details:

• Credentials sent in Authorization header
• Base64 encoded username:password
• Supported by most web servers
• Standard HTTP authentication method

Example Use Cases:

• Admin panels with basic auth
• Development/staging environments
• Legacy systems
• Simple authentication requirements

Security Considerations:

• Always use HTTPS with Basic Auth
• Credentials transmitted with every request
• Create dedicated monitoring credentials
• Limit credential permissions

Bearer Token

Token-based authentication for modern APIs.

Configuration:

1. Select "Bearer Token" from authentication dropdown
2. Enter your Bearer Token

Technical Details:

• Token sent in Authorization header
• Format: Authorization: Bearer {token}
• Common in RESTful APIs
• JWT token support

Example Use Cases:

• Modern REST APIs
• Microservices
• OAuth 2.0 protected resources
• JWT-authenticated endpoints

Security Considerations:

• Tokens may expire (plan for rotation)
• Use HTTPS to protect tokens
• Generate dedicated monitoring tokens
• Limit token permissions/scopes

Custom Headers

Add custom HTTP headers to requests for specialized monitoring scenarios.

Adding Headers

1. In service configuration, locate Headers section
2. Click "Add Header" button
3. Enter Header Name (e.g., Accept)
4. Enter Header Value (e.g., application/json)
5. Repeat for additional headers

Common Headers

Content-Type

Name: Content-Type
Value: application/json

Specifies request body format for POST requests.

Accept

Name: Accept
Value: application/json

Indicates expected response format.

User-Agent

Name: User-Agent
Value: UptimeHunt-Monitor/1.0

Identifies the monitoring client.

API-Key

Name: API-Key
Value: your-api-key-here

Custom API key authentication.

X-Custom-Header

Name: X-Custom-Header
Value: custom-value

Application-specific headers.

Header Limitations

• Maximum header name length: 64 characters
• Maximum header value length: 4096 characters
• No limit on number of headers (reasonable use)

Use Cases

API Version Selection

Name: API-Version
Value: v2

Content Negotiation

Name: Accept-Language
Value: en-US

Custom Authentication

Name: X-API-Token
Value: token-value

Correlation Tracking

Name: X-Request-ID
Value: monitoring-check-id

POST Data

For POST requests, configure the request body.

Text Input

Enter request body directly in the form field.

Supported Formats:

• JSON
• XML
• Form-urlencoded
• Plain text

JSON Example:

{
  "username": "monitor",
  "password": "check123"
}

XML Example:

<?xml version="1.0"?>
<check>
  <status>request</status>
</check>

Form Data Example:

username=monitor&password=check123

File Upload

Upload a file containing the request body.

Use Cases:

• Large request bodies
• Complex JSON/XML structures
• Binary data
• Reusable request templates

Process:

1. Prepare request body in a file
2. Click file upload button
3. Select file from your computer
4. File content used as POST body

File Limitations

Uploaded files should be reasonable in size. Extremely large payloads may cause timeout or performance issues.

Content-Type Header

Always set appropriate Content-Type header for POST data:

For JSON:

Content-Type: application/json

For XML:

Content-Type: application/xml

For Form Data:

Content-Type: application/x-www-form-urlencoded

Response Validation

Status Code Checking

UptimeHunt checks HTTP response status codes:

Successful Responses:

• 2xx codes (200, 201, 204, etc.)
• 3xx codes (301, 302, 304, etc.)

Failed Responses:

• 4xx codes (400, 401, 403, 404, etc.)
• 5xx codes (500, 502, 503, 504, etc.)
• Connection errors
• Timeout errors

Response Time

Response time is measured and recorded:

• Time from request initiation to full response
• Measured in seconds
• Timeout: Configurable (default: 10 seconds)
• Historical data available

Connection Validation

Checks verify:

• DNS resolution successful
• TCP connection established
• TLS/SSL handshake completed (HTTPS)
• HTTP response received

Advanced Configuration Examples

Monitoring Authenticated API

Name: Production API Health
URL: https://api.example.com/v1/health
Method: GET
Authentication: Bearer Token
Token: eyJhbGciOiJIUzI1NiIs...
Headers:
  - Accept: application/json
Interval: 3 minutes

Monitoring Login Endpoint

Name: User Login Test
URL: https://app.example.com/api/login
Method: POST
Authentication: None
Headers:
  - Content-Type: application/json
POST Data: {"email":"test@example.com","password":"test123"}
Interval: 5 minutes

Monitoring with Custom Headers

Name: Versioned API Endpoint
URL: https://api.example.com/users
Method: GET
Authentication: Basic
Username: apiuser
Password: ********
Headers:
  - API-Version: v2
  - Accept: application/json
  - X-Client-ID: monitoring
Interval: 3 minutes

SSL/TLS Considerations

HTTPS Monitoring

For HTTPS endpoints:

• SSL/TLS certificate validation performed
• Expired certificates cause check failures
• Self-signed certificates may fail validation
• Certificate warnings logged

Best Practices

• Use HTTPS for all production monitoring
• Ensure certificates are valid and current
• Monitor certificate expiration separately
• Use trusted certificate authorities

Timeout Configuration

Default Timeout

• Default timeout: 10 seconds
• Applies to complete request/response cycle
• Includes DNS, connection, and data transfer

Timeout Failures

Requests timing out are marked as failed:

• Connection timeout
• Read timeout
• DNS resolution timeout

Monitoring Best Practices

Check Interval Selection

Critical Services:

1-3 minutes for immediate detection

Standard Services:

3-5 minutes for balanced monitoring

Low Priority:

10-30 minutes for basic checks

Authentication

• Use dedicated monitoring credentials
• Limit permissions to minimum required
• Rotate credentials regularly
• Never use production user credentials

Endpoint Selection

• Monitor actual user-facing endpoints
• Include critical API paths
• Monitor authentication flows
• Check essential business functions

Performance

• Avoid resource-intensive endpoints
• Monitor lightweight health checks
• Consider impact on target systems
• Balance coverage vs. load

Troubleshooting

Connection Refused

Causes:

• Service not running
• Firewall blocking requests
• Incorrect URL/port
• Network connectivity issues

Solutions:

• Verify service is operational
• Check firewall rules
• Verify URL accuracy
• Test connectivity manually

Authentication Failures

Causes:

• Incorrect credentials
• Expired tokens
• Invalid token format
• Missing authentication header

Solutions:

• Verify credentials
• Refresh/regenerate tokens
• Check authentication type
• Review API documentation

Timeout Errors

Causes:

• Slow endpoint response
• Network latency
• Resource constraints
• Database delays

Solutions:

• Increase check interval
• Optimize endpoint performance
• Check server resources
• Review application logs

SSL Certificate Errors

Causes:

• Expired certificate
• Self-signed certificate
• Hostname mismatch
• Intermediate certificate missing

Solutions:

• Renew certificates
• Use CA-signed certificates
• Verify hostname matches
• Complete certificate chain

Related Documentation

• Service Details
• Services Management
• Creating First Service
• API Services Endpoints