API Definition

According to Wikipedia: "In computer programming, an application programming interface (API) is a set of subroutine definitions, protocols, and tools for building application software. In general terms, it is a set of clearly defined methods of communication between various software components."

With the rapid development of mobile Internet access networks and the growing number of smartphones, many companies whose business is connected to the Internet are developing and supporting their own mobile applications.

This allows them to make their services accessible to as many users as possible. A home computer is no longer required to purchase services or to consume content.

Most mobile applications use a client-server architecture, where the application is installed on the user’s device and the service content is delivered via a centralized API.

Major threats to APIs

As all mobile services are interested in reaching their maximum audience, users should be able to use the application around the world. An API is often a great resource and therefore attracts hackers as well as legitimate users. A weakness of APIs is that they can be subject to service failure attacks. This type of attack makes it impossible for users to access the mobile application and, faced with an unavailable service, they are forced to turn to alternative options. There are many ways to address these types of attacks. However, blocking the offending addresses is usually not the best method. The historical approach of blocking IP addresses could restrict access for legitimate users of the application who share the same Wi-Fi network or public access point in a hotel, airport or train. This has a negative impact on brand and revenue.

Another type of abuse of mobile and public APIs is automated scraping and/or publishing of data to the service by bot accounts.

An optimal solution could be Variti’s Active Bot Protection (ABP), which is able to filter out non-legitimate requests. The application backend then receives web traffic that has been cleaned of undesirable requests. ABP is based on a multifactorial analysis of each Internet session. The method includes both statistical and technical data analysis. In addition, Variti uses behavioral analysis, which makes it possible to distinguish bots from humans with a high level of confidence.

What Variti recommends

The API protection service extends Variti’s Active Bot Protection to all applications, including mobile, mitigating low-frequency bot attacks that are normally missed.

With Variti’s Always-On API protection, companies notice a decrease in load and an increase in capacity because unwanted bot traffic is filtered out.

Detection of password brute-force attacks
Human traffic is variable / Bot traffic is constant

Smart detection and mitigation of DDoS attacks not only on infrastructure or web but also on mobile application APIs