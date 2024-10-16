Rapyd’s main product is its public payments API, which handles billions of dollars of transactions 24/7. Even minor instances of disruptions, fraud, or abuse could mean millions of dollars in lost revenue, significant remediation costs, and a loss of customer trust for both Rapyd and its customers.

Although Rapyd runs an active bug bounty program, significantly customized its web application firewall (WAF), and considers API security mission-critical, its APIs were a black box to its security team. They lacked granular visibility into API use and behavior, business logic was unknown, and it was difficult to identify (let alone stop) attacks in real time.

Consequently, Rapyd’s security team needed a better way to secure both its public API and its hundreds of internal APIs in a highly complex system that operates in the cloud at a global scale. This meant a purpose-built API security solution that didn’t have the visibility gaps of their existing infrastructure, which included API gateways. They specifically needed: