Whether you have an in-house dev team, you hired a consultant to build your backend, or you’re using a hosted backend like Parse, Firebase, or Telerik, it’s important to have a good feel for what the current state of your backend is. I put together a quick list of 9 of the questions you should be asking about your app’s API layer.

1. Where’s it hosted?

This is an important one to know: where is your app physically hosted? Make sure you know what service you’re using (AWS, Heroku, etc.), and that you have the credentials needed to log in to their admin panel. While AWS is probably the most popular service out there, there are plenty of good options available for hosting. You may also be using a Backend as a Service (BaaS) provider like Parse, Firebase, or Telerik.

2. How’s your data being stored?

Along the same lines of where it’s hosted, you should know how your data is being stored, since it can affect what you’re able to do with it. If you’re hosting on AWS, it’s likely you’re using a MySQL or PostgreSQL database, and you can easily export and move the data. If you’re on a BaaS provider, you’re probably not able to access the data directly, and it’ll be harder to export and move elsewhere.

3. Are there backups?

This is critical, especially if you’re on a more self-serve host. Make sure your data is being backed up regularly. If it’s not, you’re constantly at risk of losing everything. Along with setting up backups, make sure they’re actually running, and you should schedule a dry run every so often to test how the restore process works.

4. Can you scale when needed?

As you get more traffic, you’ll need to scale. It’s a good idea to find out what kind of headroom you have, and what potential bottlenecks/costs you’ll encounter as you start to scale. For instance, how much free disk space is there on your database? How much would it cost to add another application server? Knowing where your potential pain points are ahead of time can save you headaches and surprise costs when you need it.

5. Can you access an admin panel?

Along with your host’s admin panel, do you have a way to access your app’s data and information? Not all apps need this, but if you do have some sort of admin access, make sure you know how to access it, and that it’s properly password protected.

6. What framework is your app using, and is it up to date?

Your app is likely built on some sort of software framework, whether it’s Ruby on Rails, Node.js, or something else. The framework you’re using isn’t super important (though we like Rails), but what is important is that it’s up to date. Make sure you’re current on all of the latest security patches, so your backend remains secure from attacks.

7. Are you using SSL?

These days, there is no reason why you shouldn’t be using SSL for every connection to your server, to keep your users’ data secure. Find out if your application is using SSL for everything, and if it’s not, start looking into how you can set it up. It’s actually not too expensive, and it goes a long way in improving the security of your API calls.

8. Is there any monitoring set up?

Do you get alerted if your API goes down? If not, you could be losing money and customers without even knowing it. At the very least, you should set up something like Pingdom to get alerted as soon as your app is down. Beyond that, you can use a tool like New Relic to get deeper insight into downtime and performance degradations. Make sure you at least have email alerts set up, and if you really need to know right away, use a tool like PagerDuty to get alerted the instant something goes down.

9. How’s the performance?

Have you noticed any slowdowns recently? Is your app taking longer to load? It might not just be you! If you’ve recently gotten an influx of new users, it could be affecting the performance of your backend. Try to isolate what part of the app is running slow, and have your developers investigate what might be causing the issue. There’s always something to improve performance-wise.