BusinessObjects Board

How to block unwanted API calls from end users?

We have recently identified some unwanted API calls from our end users. They wrote their own utilities to pull data via our BO server repeatedly and have caused a heavy load on the server.

Any advice on how to block such unwanted API calls? Or does anybody know what protocol the SDK uses when communicating with the server?


Guoming (BOB member since 2007-10-30)

From the application level, you could ensure that they only have certain rights via CMC to perform views, refreshes, edits, saves etc. on only those content areas you so choose. So when they develop SDK programs, whatever logins have been provided to them inherit these limitations. (And definitely remove any/all access to the Administrator account if it’s been given to them.)

From the network topology perspective, if these users are not supposed to be able to communicate with BOE via SDK, then you should isolate your reporting infrastructure so as to make sure it’s only accessible via the web (port 80/443 HTTP typically) and that any other access that’s usually used for intra-BO communication (tcp/ip 6400) cannot physically involve these particular users/clients.

Of course, the easiest thing to do would be to chop off their hands, and probably less messy than the above two (surprising as it may be!) - just kidding of course.

Good luck


Atul Chowdhury (BOB member since 2003-07-07)
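
An added example, not part of the original posts: before closing tcp/6400 to end users, a connection log can show which clients currently reach that port directly instead of going through the web tier. The log format, the 10.0.10.0/24 trusted subnet and all addresses below are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption (not from the thread): the web/application tier lives in
# 10.0.10.0/24 and is the only network that should reach the CMS port.
TRUSTED_TIER = ipaddress.ip_network("10.0.10.0/24")
CMS_PORT = 6400  # intra-BO port named in the post above

# Constructed sample: "timestamp src_ip dst_port" per accepted connection.
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.10.5 6400
2024-01-01T09:00:02 192.168.20.31 443
2024-01-01T09:00:03 192.168.20.44 6400
2024-01-01T09:00:04 192.168.20.44 6400
2024-01-01T09:00:05 192.168.20.31 80
2024-01-01T09:00:06 192.168.20.77 6400
2024-01-01T09:00:07 192.168.20.44 6400
malformed line
"""

def direct_sdk_clients(log_text, trusted=TRUSTED_TIER, port=CMS_PORT):
    """Count connections to the CMS port from sources outside the trusted tier.

    Returns (source_ip, count) pairs, heaviest client first.
    """
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        _, src, dst_port = parts
        try:
            addr = ipaddress.ip_address(src)
            dport = int(dst_port)
        except ValueError:
            continue  # unparsable address or port
        if dport == port and addr not in trusted:
            hits[src] += 1
    return hits.most_common()

if __name__ == "__main__":
    for src, count in direct_sdk_clients(SAMPLE_LOG):
        print(f"{src}: {count} connection(s) to tcp/{CMS_PORT} from outside the trusted tier")
```

The sources it lists are the ones a firewall rule limiting tcp/6400 to the trusted tier would cut off, which makes it a useful check before the rule goes in.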

This might help too


AuguC (BOB member since 2009-11-20)