Free Trial

Scoffable Customer Story

Minimizing Revenue Loss and Protecting Sensitive Data

It was our API that we were looking to harden against abuse and potential bad actors attempting to threaten the security and availability of our service.

Daniel Jones, Founding Partner, Scoffable

Scoffable, founded in 2010, provides a fast and convenient online ordering experience for takeaway consumers.

With the increase in online transactions and the use of mobile apps, protecting sensitive data has not only become a part of doing business, but a requirement to earn the trust of customers.

The Challenge

The food ordering app market is highly competitive with big investments from some major players. Scoffable understood that it was vital to maintain a responsive and frictionless experience for both consumers and partner takeaways in order to build and retain brand trust. Any service downtime through a DDoS attack by scripts or bots could result in the loss of revenue or valuable local restaurant data to competitors.

How Approov API Threat Protection Helped

The team at Scoffable had already employed some common techniques to prevent abuse, such as rate limiting, Google reCAPTCHA and the use of Cloudflare’s Web Application Firewall product to help protect their services from various threats, including DDoS attacks.

This wasn't enough for mobile, so they reached out to the Approov team for a solution purpose built for mobile. Approov's use of signed JWTs (JSON Web Tokens) could be validated quickly and, in conjunction with Cloudflare, solved the DDoS mitigation problem with their APIs.

Scoffable has also made use of Approov’s integration with the Apple DeviceCheck API to ban specific devices from using the Scoffable service. More details on this Approov feature can be found here.

Finally, we asked Daniel why they chose Approov:

We couldn’t find anything else quite like Approov, for us it solved a number of problems:

  • Preventing non-Scoffable applications from making requests to our public APIs
  • Providing a DDoS mitigation solution (in conjunction with Cloudflare)
  • Reducing legitimate user friction on iOS where Google reCAPTCHA is not native
  • Providing a simplified approach to the management of Certificate Pinning

Download full
Customer Story

Protect the APIs in Your Business Today

Schedule a demo or start a FREE trial to see how Approov API Threat Protection can build a trusted mobile channel for your business.

Try Approov for FreeRequest Demo

Copyright © 2020 CriticalBlue, Ltd. All Rights Reserved.