SlideShare a Scribd company logo

apidays LIVE LONDON - API scrapping: how to protect your API against something which is not necessarily an attack by Artem Demchenkov

apidays
apidays

API scraping involves automated extraction of content from APIs for purposes outside of their intended use. While not necessarily malicious, it can harm API owners through lost revenue and intellectual property. To recognize scraping, API owners monitor for abnormal usage patterns and set limits on requests per user. Methods to prevent scraping include rate limits, firewall rules blocking suspicious traffic, IP databases, and machine learning models to detect bots. However, completely blocking scraping may not be possible due to the dynamic nature of the problem.

Technology
1 of 30
Download to read offline
API Scrapping. How to protect your API against something that is not necessarily an attack Artem Demchenkov Illustration © Caterina Carraro/Billie
2 Artem Demchenkov ● CTO & Co-Founder at Billie ● ardemchenkov@gmail.com ● https://www.linkedin.com/in/artem-demchenkov-76b69934/
Billie We are an innovative financial platform, focused on working capital financing. Some numbers: ● Start: 01.12.2016 ● Closed Beta: 01.05.2017 ● Public Launch: 01.06.2017 ● Team: 100+ ● Engineering Crew: 35
Agenda 4 ● API scraping may not look like an attack ● Why should we worry then? ● KYCB ● How to recognize that you’re being scrapped ● How to stop API scraping. It is even possible? ● Bonus
5 Let’s begin with numbers
Some numbers 6 ● 46% of web traffic are scraping bots (Distil Networks, 2016) ● 2% of online revenue is lost due to web scraping (Distil Networks, 2016) ● Global e-commerce sales are 3.53 trillion dollars (Statista, 2019) ● 2% of it is >70 billion dollars
7 API Attacks
API Attacks 8 ● DDoS ● Injections ● Data Exposure ● Authentication Hijacking ● “Man in the Middle” ● Unencrypted Communication ● Application Abuse ● Parameter Tampering }Unexpected API usage
9 API Scraping is different
API Scraping 10 ● Is a pretty traditional and expected user behaviour ● It doesn’t try to hijack or break anything ● Content - is the main point of interest ● That’s why it is not always easy to identify that you are being scraped
Traditional communication flow 11 USER UI API DATA SOURCE
Traditional communication flow 12 USER UI API DATA SOURCE
Scraping communication flow 13 USER UI API DATA SOURCE
14 Scraping is not allowed
Google Maps Terms of Service 15 3.2.3 Restrictions Against Misusing the Services. (a) No Scraping. Customer will not export, extract, or otherwise scrape Google Maps Content for use outside the Services. For example, Customer will not: (i) pre-fetch, index, store, reshare, or rehost Google Maps Content outside the services; (ii) bulk download Google Maps tiles, Street View images, geocodes, directions, distance matrix results, roads information, places information, elevation values, and time zone details; (iii) copy and save business names, addresses, or user reviews; or (iv) use Google Maps Content with text-to-speech services.
16 But not everyone is Google, isn’t it?
Scraping communication flow 17 USER UI API DATA SOURCEBOT
Scraping communication flow 18 USER UI API EXTERNAL APIBOT
What makes API Scraping dangerous for API Owners 19 ● Unpredictable expenses ● Income losses ● Loss of intellectual property ownership ● Loss of competitive advantage ● Risk of being reverse engineered
20 KYC Know Your Customers KYCB Know Your Customers’ Behavior
How to recognize that your API is being scrapped? 21 Logging Thresholds Monitoring alerts
How to set up a proper Data Monitoring Smart Data-driven Alerts with Prometheus and Grafana https://youtu.be/GbwyF6xZwwc
How to prevent API Scraping 23 HTTP-Request limits Per user, Per time period Basic Firewall rules Headers, Content-Size, IPs More extended rules Geography, Pattern Detection IP databases https://www.abuseipdb.com/ Real-time ML based bot detection Specific services (e.g. Cloudflare) Data thresholds Num or registrations, num of API calls...
24 They say: no one can block API scraping completely
25 We say: it is a race and one who stops first loses
26 Bonus Track
Scraping communication flow 27 USER UI API DATA SOURCEBOTHUMAN This one leaves traces
28 Prior to building a bot, a human needs to explore your API
Thank you ● ardemchenkov@gmail.com ● https://www.linkedin.com/in/artem-demchenkov-76b69934/
Check it out. There’s interesting More in our “Engineering Corner” on Medium 30 https://medium.com/billie-finanzratgeber

Recommended

apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...
apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...
apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...apidays
 
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boyd
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boydapidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boyd
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boydapidays
 
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays
 
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...apidays
 
apidays LIVE Paris - Driving innovation through External APIs without putting...
apidays LIVE Paris - Driving innovation through External APIs without putting...apidays LIVE Paris - Driving innovation through External APIs without putting...
apidays LIVE Paris - Driving innovation through External APIs without putting...apidays
 
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...apidays
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays
 
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...apidays
 

Recommended

apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...
apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...
apidays LIVE LONDON - Open API Economy: Managing Security and Compliance Risk...apidays
 
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boyd
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boydapidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boyd
apidays LIVE LONDON - The State of Banking APIs 2020 by Mark Boydapidays
 
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays LIVE Paris - Microservices, up and running by Irakli Nadareishvili
apidays LIVE Paris - Microservices, up and running by Irakli Nadareishviliapidays
 
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...
apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...apidays
 
apidays LIVE Paris - Driving innovation through External APIs without putting...
apidays LIVE Paris - Driving innovation through External APIs without putting...apidays LIVE Paris - Driving innovation through External APIs without putting...
apidays LIVE Paris - Driving innovation through External APIs without putting...apidays
 
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...
apidays LIVE JAKARTA - Take control of your microservices with App Mesh by Ak...apidays
 
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays
 
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...
apidays LIVE LONDON - Transformation of APIs in payments by Neil Munro & Rich...apidays
 
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...apidays
 
[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven World[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven WorldWSO2
 
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...WSO2
 
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays
 
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgirapidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgirapidays
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...Yenlo
 
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...apidays
 
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...apidays
 
Banking and Mobile Identity
Banking and Mobile IdentityBanking and Mobile Identity
Banking and Mobile IdentityApigee | Google Cloud
 
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays
 
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays
 
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...WSO2
 
Iamwire Investment Pitch
Iamwire Investment PitchIamwire Investment Pitch
Iamwire Investment Pitchiamwire
 
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...apidays
 
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPIAPIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPIapidays
 
Setting up a Digital Business on Cloud
Setting up a Digital Business on CloudSetting up a Digital Business on Cloud
Setting up a Digital Business on CloudAmazon Web Services
 
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...WSO2
 
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...WSO2
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays
 
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...apidays
 
API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...Artem Demchenkov
 
Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...Manisha Sule
 

More Related Content

What's hot

apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...apidays
 
[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven World[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven WorldWSO2
 
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...WSO2
 
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays
 
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgirapidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgirapidays
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...Yenlo
 
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...apidays
 
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...apidays
 
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays
 
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays
 
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...WSO2
 
Iamwire Investment Pitch
Iamwire Investment PitchIamwire Investment Pitch
Iamwire Investment Pitchiamwire
 
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...apidays
 
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPIAPIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPIapidays
 
Setting up a Digital Business on Cloud
Setting up a Digital Business on CloudSetting up a Digital Business on Cloud
Setting up a Digital Business on CloudAmazon Web Services
 
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...WSO2
 
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...WSO2
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays
 
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...apidays
 

What's hot (20)

apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
apidays LIVE LONDON - Exploring the business value of APIs – from insight to ...
 
[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven World[WSO2 Integration Summit London 2019] The API-driven World
[WSO2 Integration Summit London 2019] The API-driven World
 
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
[WSO2 Integration Summit Bern 2019] Identity and Access Management in an API-...
 
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wilde
 
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgirapidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
apidays LIVE LONDON - API platform strategy and operating models by Kiran Nadgir
 
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
WSO2 - Yenlo Integration Summit Stuttgart May 15 2019 - Open Banking APIs and...
 
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
apidays LIVE LONDON - The Service Management Ecosystem: unification of techno...
 
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
apidays LIVE Australia 2020 - API Design in Fintech: Challenges and Opportuni...
 
Banking and Mobile Identity
Banking and Mobile IdentityBanking and Mobile Identity
Banking and Mobile Identity
 
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...
 
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...
 
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
[WSO2 Summit Sydney 2019] Open Banking from the Trenches: How European Banks ...
 
Iamwire Investment Pitch
Iamwire Investment PitchIamwire Investment Pitch
Iamwire Investment Pitch
 
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
APIdays London 2019 - Open Banking: An Opportunity, not (just) a Mandate by R...
 
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPIAPIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
APIdays Zurich 2019 - The Three Pillars of API Strategy Erik Wilde, GoodAPI
 
Setting up a Digital Business on Cloud
Setting up a Digital Business on CloudSetting up a Digital Business on Cloud
Setting up a Digital Business on Cloud
 
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
[WSO2 Summit Americas 2020 ] Fintech Ecosystems & Consumer Experiences: The N...
 
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
[WSO2 Integration Summit London 2019] Identity and Access Management in an AP...
 
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ngapidays LIVE Hong Kong - The Business of APIs by Jed Ng
apidays LIVE Hong Kong - The Business of APIs by Jed Ng
 
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
apidays LIVE LONDON - Differentiating your Developer Program: Is Speed "A" Di...
 

Similar to apidays LIVE LONDON - API scrapping: how to protect your API against something which is not necessarily an attack by Artem Demchenkov

API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...Artem Demchenkov
 
Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...Manisha Sule
 
[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIsWSO2
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceCapgemini
 
Graph+AI for Fin. Services
Graph+AI for Fin. ServicesGraph+AI for Fin. Services
Graph+AI for Fin. ServicesTigerGraph
 
eyeReturn Retail ROI in Digital Media
eyeReturn Retail ROI in Digital MediaeyeReturn Retail ROI in Digital Media
eyeReturn Retail ROI in Digital MediaIAB Canada
 
Digital Signage Systems - The Modern Hacker's Outreach
Digital Signage Systems - The Modern Hacker's OutreachDigital Signage Systems - The Modern Hacker's Outreach
Digital Signage Systems - The Modern Hacker's OutreachZero Science Lab
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey TodayLaurenWendler
 
SF Big Analytics Meetup - Exact Count Distinct with Apache Kylin
SF Big Analytics Meetup - Exact Count Distinct with Apache KylinSF Big Analytics Meetup - Exact Count Distinct with Apache Kylin
SF Big Analytics Meetup - Exact Count Distinct with Apache KylinSamanthaBerlant
 
2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT DepartmentsYottaa
 
91APP API Gateway 導入之旅
91APP API Gateway 導入之旅91APP API Gateway 導入之旅
91APP API Gateway 導入之旅Rick Hwang
 
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...SamanthaBerlant
 
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...Tyler Wishnoff
 
Find IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterFind IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterGhostery, Inc.
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
5 Pillars of Building Enterprise0grade APIs
5 Pillars of Building Enterprise0grade APIs5 Pillars of Building Enterprise0grade APIs
5 Pillars of Building Enterprise0grade APIsWSO2
 
Webinar is your business 2020 ready?
Webinar is your business 2020 ready?Webinar is your business 2020 ready?
Webinar is your business 2020 ready?STAAH
 

Similar to apidays LIVE LONDON - API scrapping: how to protect your API against something which is not necessarily an attack by Artem Demchenkov (20)

API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...
 
Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...Microservics, serverless and real time; Building blocks of the modern data pi...
Microservics, serverless and real time; Building blocks of the modern data pi...
 
[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs[APIdays INTERFACE 2021] Programming the Cloud through APIs
[APIdays INTERFACE 2021] Programming the Cloud through APIs
 
API Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation ExperienceAPI Management - Practical Enterprise Implementation Experience
API Management - Practical Enterprise Implementation Experience
 
Graph+AI for Fin. Services
Graph+AI for Fin. ServicesGraph+AI for Fin. Services
Graph+AI for Fin. Services
 
eyeReturn Retail ROI in Digital Media
eyeReturn Retail ROI in Digital MediaeyeReturn Retail ROI in Digital Media
eyeReturn Retail ROI in Digital Media
 
OlympusXR Onepage
OlympusXR OnepageOlympusXR Onepage
OlympusXR Onepage
 
Digital Fraud Viewability Benchmarks Q4 2020
Digital Fraud Viewability Benchmarks Q4 2020Digital Fraud Viewability Benchmarks Q4 2020
Digital Fraud Viewability Benchmarks Q4 2020
 
Digital Signage Systems - The Modern Hacker's Outreach
Digital Signage Systems - The Modern Hacker's OutreachDigital Signage Systems - The Modern Hacker's Outreach
Digital Signage Systems - The Modern Hacker's Outreach
 
Design - Start Your API Journey Today
Design - Start Your API Journey TodayDesign - Start Your API Journey Today
Design - Start Your API Journey Today
 
SF Big Analytics Meetup - Exact Count Distinct with Apache Kylin
SF Big Analytics Meetup - Exact Count Distinct with Apache KylinSF Big Analytics Meetup - Exact Count Distinct with Apache Kylin
SF Big Analytics Meetup - Exact Count Distinct with Apache Kylin
 
2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments2016: The Year to Align Marketing & IT Departments
2016: The Year to Align Marketing & IT Departments
 
91APP API Gateway 導入之旅
91APP API Gateway 導入之旅91APP API Gateway 導入之旅
91APP API Gateway 導入之旅
 
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...
How to Guarantee Exact Count Distinct Queries with Sub-Second Latency on Mass...
 
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...
How to Guarantee Exact COUNT DISTINCT Queries with Sub-Second Latency on Mass...
 
Find IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site FasterFind IT & Marketing’s Common Ground: Make Your Site Faster
Find IT & Marketing’s Common Ground: Make Your Site Faster
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
omkar-hybris-cv
omkar-hybris-cvomkar-hybris-cv
omkar-hybris-cv
 
5 Pillars of Building Enterprise0grade APIs
5 Pillars of Building Enterprise0grade APIs5 Pillars of Building Enterprise0grade APIs
5 Pillars of Building Enterprise0grade APIs
 
Webinar is your business 2020 ready?
Webinar is your business 2020 ready?Webinar is your business 2020 ready?
Webinar is your business 2020 ready?
 

More from apidays

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...apidays
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...apidays
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...apidays
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...apidays
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...apidays
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...apidays
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...apidays
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...apidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...apidays
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...apidays
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...apidays
 

More from apidays (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
 

Recently uploaded

Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...caitlingebhard1
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 

Recently uploaded (20)

Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...Stronger Together: Developing an Organizational Strategy for Accessible Desig...
Stronger Together: Developing an Organizational Strategy for Accessible Desig...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 

apidays LIVE LONDON - API scrapping: how to protect your API against something which is not necessarily an attack by Artem Demchenkov

  • 1. API Scrapping. How to protect your API against something that is not necessarily an attack Artem Demchenkov Illustration © Caterina Carraro/Billie
  • 2. 2 Artem Demchenkov ● CTO & Co-Founder at Billie ● ardemchenkov@gmail.com ● https://www.linkedin.com/in/artem-demchenkov-76b69934/
  • 3. Billie We are an innovative financial platform, focused on working capital financing. Some numbers: ● Start: 01.12.2016 ● Closed Beta: 01.05.2017 ● Public Launch: 01.06.2017 ● Team: 100+ ● Engineering Crew: 35
  • 4. Agenda 4 ● API scraping may not look like an attack ● Why should we worry then? ● KYCB ● How to recognize that you’re being scrapped ● How to stop API scraping. It is even possible? ● Bonus
  • 6. Some numbers 6 ● 46% of web traffic are scraping bots (Distil Networks, 2016) ● 2% of online revenue is lost due to web scraping (Distil Networks, 2016) ● Global e-commerce sales are 3.53 trillion dollars (Statista, 2019) ● 2% of it is >70 billion dollars
  • 8. API Attacks 8 ● DDoS ● Injections ● Data Exposure ● Authentication Hijacking ● “Man in the Middle” ● Unencrypted Communication ● Application Abuse ● Parameter Tampering }Unexpected API usage
  • 9. 9 API Scraping is different
  • 10. API Scraping 10 ● Is a pretty traditional and expected user behaviour ● It doesn’t try to hijack or break anything ● Content - is the main point of interest ● That’s why it is not always easy to identify that you are being scraped
  • 15. Google Maps Terms of Service 15 3.2.3 Restrictions Against Misusing the Services. (a) No Scraping. Customer will not export, extract, or otherwise scrape Google Maps Content for use outside the Services. For example, Customer will not: (i) pre-fetch, index, store, reshare, or rehost Google Maps Content outside the services; (ii) bulk download Google Maps tiles, Street View images, geocodes, directions, distance matrix results, roads information, places information, elevation values, and time zone details; (iii) copy and save business names, addresses, or user reviews; or (iv) use Google Maps Content with text-to-speech services.
  • 16. 16 But not everyone is Google, isn’t it?
  • 17. Scraping communication flow 17 USER UI API DATA SOURCEBOT
  • 18. Scraping communication flow 18 USER UI API EXTERNAL APIBOT
  • 19. What makes API Scraping dangerous for API Owners 19 ● Unpredictable expenses ● Income losses ● Loss of intellectual property ownership ● Loss of competitive advantage ● Risk of being reverse engineered
  • 20. 20 KYC Know Your Customers KYCB Know Your Customers’ Behavior
  • 21. How to recognize that your API is being scrapped? 21 Logging Thresholds Monitoring alerts
  • 22. How to set up a proper Data Monitoring Smart Data-driven Alerts with Prometheus and Grafana https://youtu.be/GbwyF6xZwwc
  • 23. How to prevent API Scraping 23 HTTP-Request limits Per user, Per time period Basic Firewall rules Headers, Content-Size, IPs More extended rules Geography, Pattern Detection IP databases https://www.abuseipdb.com/ Real-time ML based bot detection Specific services (e.g. Cloudflare) Data thresholds Num or registrations, num of API calls...
  • 24. 24 They say: no one can block API scraping completely
  • 25. 25 We say: it is a race and one who stops first loses
  • 27. Scraping communication flow 27 USER UI API DATA SOURCEBOTHUMAN This one leaves traces
  • 28. 28 Prior to building a bot, a human needs to explore your API
  • 29. Thank you ● ardemchenkov@gmail.com ● https://www.linkedin.com/in/artem-demchenkov-76b69934/
  • 30. Check it out. There’s interesting More in our “Engineering Corner” on Medium 30 https://medium.com/billie-finanzratgeber