Deindeal Customer Story
Blocking Unwanted Automated Traffic
Deindeal was founded in 2010, is now one of the largest e-commerce portals in Switzerland and is part of the Ringier group. The company has received numerous awards for its business, including the prestigious Swiss E-Commerce Award. Its range of products includes exclusive brand products, travel deals and local deals - all with high discounts.
Having a WAF with bot detection built-in worked well for us when we had a web-based platform. The browser gives you some context to help you to spot bad bots. Moving to APIs means that you have no context through which to identify automated traffic. It was clear that a new security solution would be needed for our API based platform.
- Alexandre Branquart, CIO/CTO & Co-Founder
Deindeal’s e-commerce business has grown fast, covering an increasingly wide range of product sectors, and the rising use of their mobile apps. As the company evolved its platform architecture, the team was very conscious that the introduction of APIs might expose the business to a new range of automated attacks via bots or scripts. Such threats, if successful, could directly affect revenue and profitability.
How Approov Mobile App Protection Helped
Approov was added to the Deindeal platform to specifically ensure that only genuine mobile app instances could use the API. This was directly to address the risk of scripts impacting revenue by impersonating app traffic - in order to scrape product data and then buy up high demand items, or to commit other fraudulent acts.
Implementing Approov into the Deindeal was straightforward. The token check was implemented at the edge of the network within the Cloudflare CDN in order to reject bad traffic as early as possible.
The Approov protection was deployed into production and monitored using the Approov metrics in order to ensure that everything was working as expected. Once it was clear that automated traffic was being identified correctly and that the inclusion of Approov had zero impact on the customer experience, all bots and scripts were blocked.
Over time, adjustments to the applied security policies have been made via Approov’s over-the-air capability, making managing the deployment very efficient.
Alexandre has this advice based on Deindeal’s Approov experience: