Why Fast Debugging Matters
When an API returns an error or behaves unexpectedly, fast debugging saves hours. Here are the tools and techniques that separate junior and senior developers.
Essential Debugging Tools
Postman
The most popular API tool. Use it to:
- Make requests with various methods and parameters
- Inspect request and response details
- Save requests in collections for reuse
- Automate testing
Features for debugging:
- Pre-request scripts to modify requests
- Tests to validate responses
- Postman Console to see request/response details
- Environment variables for different endpoints
Browser DevTools Network Tab
For APIs called from web apps, the browser is your best friend:
- Open DevTools (F12 or Cmd+Option+I)
- Go to Network tab
- Perform the action that calls the API
- Click on the request to see details
- Inspect request headers, body, and response
Look for:
- HTTP status codes (200, 401, 404, 500, etc.)
- Response headers (Cache-Control, Content-Type)
- Response body (actual data or error message)
- Timing information (how long the request took)
curl Command Line
The command-line tool for testing APIs:
# Simple GET request
curl https://api.example.com/users
# With headers
curl -H "Authorization: Bearer token123" \
https://api.example.com/users
# POST with data
curl -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name": "John", "email": "john@example.com"}'
# Verbose output (very useful for debugging)
curl -v https://api.example.com/usersCommon Debugging Scenarios
Problem: 401 Unauthorized
Causes:
- Missing authentication header
- Invalid token
- Expired token
- Wrong authentication scheme
Debug:
# Check if Authorization header is present
curl -v https://api.example.com/users
# Try with explicit header
curl -H "Authorization: Bearer token123" https://api.example.com/usersProblem: 403 Forbidden
Your request is authenticated, but you don't have permission.
Debug:
- Are you logged in as the right user?
- Do you have the right role/permissions?
- Is the resource owned by you?
Problem: 404 Not Found
The endpoint doesn't exist or the resource doesn't exist.
Debug:
# Check endpoint URL spelling
curl -i https://api.example.com/users # 200
curl -i https://api.example.com/user # 404 (different endpoint)
# Check ID parameter
curl https://api.example.com/users/123 # 200
curl https://api.example.com/users/999 # 404 (user doesn't exist)Problem: 500 Internal Server Error
The server crashed. Check:
- Server logs
- Error message in response
- Recent code changes
- Database connectivity
Problem: Request Timeout
The API takes too long to respond.
Debug:
- Check if the server is running
- Look for slow queries in database logs
- Monitor server CPU and memory
- Use curl with verbose flag to see timing
Debugging Checklist
- Is the endpoint URL correct?
- Is the HTTP method correct (GET, POST, PUT)?
- Are all required headers present?
- Is the request body valid JSON?
- Is authentication token valid and not expired?
- Does the user have permission for this action?
- Is the resource ID correct?
- Are request parameters formatted correctly?
- Does the server have logs to check?
- Is there network latency or timeout?
Logging Best Practices
Good logging helps debugging:
// Server-side logging
app.use((req, res, next) => {
console.log(`${req.method} ${req.path}`);
console.log('Headers:', req.headers);
console.log('Body:', req.body);
next();
});
// Client-side logging
fetch(url, options)
.then(res => {
console.log('Status:', res.status);
return res.json();
})
.then(data => console.log('Data:', data))
.catch(err => console.error('Error:', err));Conclusion
API debugging is a skill that improves with practice. Master your tools, understand HTTP status codes, check the obvious first (spelling, headers, auth), and work through the checklist. Most issues have simple causes.