Finally, there’s a proper security layer on top of our cloud implementation.
In case of a security breach, if someone took control of our API, they could hypothetically use it to launch a distributed denial-of-service (DDoS) attack. The last thing a scrappy startup needs is to be a weak point in a global cyber attack. Sure, big companies can walk away from cyber crimes unscathed. Zentser is not “too big to fail” yet :)
The security layer's checks follow a straightforward rule: one device cannot send us more than 3 web calls within a minute. If you read the 10-minute interval section above, that should make sense.
So in case we start getting more than 3 calls from a device in a single minute, the security layer blocks that device for 24 hours.
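Here is an added example (not Zentser's own code) of how that rule can be enforced: a per-device sliding window that allows at most 3 calls per 60 seconds and blocks the device for 24 hours on the call that exceeds it. It assumes a single process with in-memory state and an injectable clock; a real deployment behind several API instances would keep the same counters in a shared store such as a database or cache.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60            # "within a minute"
MAX_CALLS_PER_WINDOW = 3       # "no more than 3 web calls"
BLOCK_SECONDS = 24 * 60 * 60   # "blocks that device for 24 hours"


class DeviceRateLimiter:
    """Per-device sliding-window limiter with a long block on violation.

    `now` is a callable returning the current time in seconds; it is
    injectable so the behaviour can be exercised with a fake clock.
    """

    def __init__(self, now=time.time):
        self._now = now
        self._calls = defaultdict(deque)   # device_id -> recent call timestamps
        self._blocked_until = {}           # device_id -> time the block expires

    def is_blocked(self, device_id: str) -> bool:
        until = self._blocked_until.get(device_id)
        if until is None:
            return False
        if self._now() < until:
            return True
        # Block has expired: forget it so the device starts clean.
        del self._blocked_until[device_id]
        self._calls[device_id].clear()
        return False

    def allow(self, device_id: str) -> bool:
        """Record one call; return True if it may be served, False if rejected."""
        if self.is_blocked(device_id):
            return False
        now = self._now()
        window = self._calls[device_id]
        # Drop timestamps that have fallen out of the one-minute window.
        while window and now - window[0] >= WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        if len(window) > MAX_CALLS_PER_WINDOW:
            # This call is the 4th within a minute: reject it and block the device.
            self._blocked_until[device_id] = now + BLOCK_SECONDS
            window.clear()
            return False
        return True
```

A device that reports every 10 minutes never accumulates more than one timestamp in its window, so only a misbehaving or hijacked device ever trips the block.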
There’s a selfish reason for the 10-minute interval. It’s a way for Zentser to save on a cloud bill. We are a scrappy, bootstrapped startup offering a free monitoring service. Any cost savings count. High-frequency API calls would run up that cloud bill faster than a budget airline with all add-ons added in.