Scoffable Customer Story

Minimizing Revenue Loss and Protecting Sensitive Data

It was our API that we were looking to harden against abuse and potential bad actors attempting to threaten the security and availability of our service.

- Daniel Jones, Founding Partner, Scoffable

Scoffable, founded in 2010, provides a fast and convenient online ordering experience for takeaway consumers.

With the increase in online transactions and the use of mobile apps, protecting sensitive data has not only become a part of doing business, but a requirement to earn the trust of customers.

The Challenge

The food ordering app market is highly competitive with big investments from some major players. Scoffable understood that it was vital to maintain a responsive and frictionless experience for both consumers and partner takeaways in order to build and retain brand trust. Any service downtime through a DDoS attack by scripts or bots could result in the loss of revenue or valuable local restaurant data to competitors.

How Approov Mobile App Protection Helped

The team at Scoffable had already employed some common techniques to prevent abuse, such as rate limiting, Google reCAPTCHA and the use of Cloudflare’s Web Application Firewall product to help protect their services from various threats, including DDoS attacks.

This wasn't enough for mobile, so they reached out to the Approov team for a solution purpose built for mobile. Approov's use of signed JWTs (JSON Web Tokens) could be validated quickly and, in conjunction with Cloudflare, solved the DDoS mitigation problem with their APIs.

Scoffable has also made use of Approov’s integration with the Apple DeviceCheck API to ban specific devices from using the Scoffable service. More details on this Approov feature can be found here.

Finally, we asked Daniel why they chose Approov:

We couldn’t find anything else quite like Approov, for us it solved a number of problems:

• Preventing non-Scoffable applications from making requests to our public APIs
• Providing a DDoS mitigation solution (in conjunction with Cloudflare)
• Reducing legitimate user friction on iOS where Google reCAPTCHA is not native
• Providing a simplified approach to the management of Certificate Pinning

Talk to a Security Expert

Give us 30 minutes and our security experts will show you how how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

Get a Trial

Ready to get serious? For detailed pricing information, tell us the name of your app and the expected number of active monthly users on Android and iOS.

Close up of man using a smartphone

Looking for a quick fix?

Our Quickstarts will show you the fastest path to implementing better
mobile security.