TireConnect Anti-Scraping Mechanisms 🛡️

To protect your data, ensure service stability, and maintain the integrity of our platform, we have implemented a robust, multi-layered anti-scraping system. These automated mechanisms are designed to distinguish between legitimate human users and malicious bots, effectively preventing unauthorized data harvesting from our services.

1. User Interaction Analysis (Behavioral Check)

This client-level feature adds an intelligent layer of security directly to the user-facing widget.

How it Works: The system actively monitors user interactions such as mouse movements, scrolling, clicks, and keyboard input. It looks for patterns of natural human behavior.
Trigger: If the system detects a series of high-demand actions (e.g., multiple tire searches, license plate decodes) with little to no corresponding user interaction, it flags the activity as bot-like.
Action: A Google reCAPTCHA challenge is triggered. Further high-demand requests from that session are only permitted after the user successfully completes the CAPTCHA. This method is highly effective at stopping bots that attempt to scrape data rapidly within a single browser session.

2. Adaptive Hourly Request Limits

This feature, configured at the API key level, provides dynamic, volume-based protection against scraping. When enabled, it operates in one of two modes:

Historical Analysis (Default Mode): The system analyzes your account's request volume for the current hour and compares it to your typical historical usage for the same hour and day of the week. If the current volume shows a significant spike—defined as 40% or more above the historical average—all further high-demand requests from that API key are temporarily blocked until the next hour begins.
Fixed Limit Mode: If historical data is not available, or if you prefer a static threshold, the system uses a default fixed limit (typically 100 requests per hour). You can also choose to override the historical analysis and enforce this fixed limit at all times.

3. Real-Time Anomaly Detection & IP Blocking

This is a continuous, backend monitoring process that provides an overarching layer of security for all accounts.

How it Works: Our system constantly analyzes request data across all API keys over a rolling 24-hour period. Specialized algorithms identify sudden, anomalous spikes in activity that are characteristic of large-scale, coordinated scraping attempts.
Automated & Manual Response:
- When a major spike is detected, our security team is immediately notified to investigate and permanently block the offending IP addresses from accessing our services.
- If you also have the "Adaptive Hourly Request Limits" feature enabled for your API key, this system will automatically trigger a temporary block on your key for the remainder of the hour, stopping the potential threat instantly.

Important Scope Note

Please be aware that all the anti-scraping mechanisms described above apply exclusively to "Web" type API keys. They are not active on other specialized keys, such as those designated for "In-Store" or "POS" (Point of Sale) use cases.