Problem

Is there any way to determine what idle timeout is being used by a remote site if you don't have access to it?

Resolution

The idle timeout can be discovered by creating a persistent connection, then letting it time out and measuring the time. There will be a few milliseconds of noise in the results due to network delays, though. In general, the actual values most sites use will be some even number of seconds. When creating outbound keep-alive connections to some site, you may want to keep the API Gateway's idle timeout slightly lower than the endpoint's timeout so that you don't get connection failures from trying to reuse a connection too close to the deadline. For example, if the remote site has a 30 second idle timeout, you might choose a value of 29 seconds on the gateway.

There are slightly different commands used to measure this for HTTP and HTTPS. The tests should be performed from the API Gateway's command line, because intermediate systems like load balancers or proxies could have shorter idle timeouts than the actual endpoint and we need to account for this.

HTTP

Run this command:

time telnet [HOST] [PORT]

Then paste a GET request like this, after replacing example.com with the actual hostname:

GET / HTTP/1.1
Host: example.com
Connection: Keep-Alive

Press the enter key twice and wait for the timeout, then look at the time reported by the time command.

HTTPS

Run this command:
time openssl s_client -connect [HOST]:[PORT]

Then paste a GET request like this, after replacing example.com with the actual hostname:

GET / HTTP/1.1
Host: example.com
Connection: Keep-Alive