As someone who maintained an API, 80% to 90% of my time was discovering that hackers were attempting an exploit, blocking it, adding monitoring, building abuse prevention. After we shut our API off, we could turn services back on, especially free services that we only took away because hackers.
Not to mention the support volume. More than half of our support calls were, “Why did you suspend my account? I’m a poor old grandpa. I want to appeal.” Okay, yep we looked into activity and you sent 50000 requests in less than a minute and that’s all you ever did with this account. Did you know hackers lie and will spend hours getting tech support? You go to school to be an engineer to build cool stuff and instead field bullshit support requests all day from people trying to destroy the thing you want to build so they can maybe make thirty bucks and cost you tens of thousands. It sucked the life out of me and turned me eternally cynical.
This isn’t an issue with hackers though - this is people legitimately using the devices that they paid for with Home Assistant and other automation systems.
Sounds like working at a small company isn’t for you. We have dedicated tech support and a team that works with them for this kind of stuff. Abuse of our APIs does happen, but it’s usually automatically blocked or causes enough traffic to trigger our alerts and gets manually blocked.
As someone who maintained an API, 80% to 90% of my time was discovering that hackers were attempting an exploit, blocking it, adding monitoring, building abuse prevention. After we shut our API off, we could turn services back on, especially free services that we only took away because hackers.
Not to mention the support volume. More than half of our support calls were, “Why did you suspend my account? I’m a poor old grandpa. I want to appeal.” Okay, yep we looked into activity and you sent 50000 requests in less than a minute and that’s all you ever did with this account. Did you know hackers lie and will spend hours getting tech support? You go to school to be an engineer to build cool stuff and instead field bullshit support requests all day from people trying to destroy the thing you want to build so they can maybe make thirty bucks and cost you tens of thousands. It sucked the life out of me and turned me eternally cynical.
This isn’t an issue with hackers though - this is people legitimately using the devices that they paid for with Home Assistant and other automation systems.
Sounds like working at a small company isn’t for you. We have dedicated tech support and a team that works with them for this kind of stuff. Abuse of our APIs does happen, but it’s usually automatically blocked or causes enough traffic to trigger our alerts and gets manually blocked.