How BPX Protected Revenue-Critical APIs from 6.6M Price Scraping Attacks

BPX Electro Mechanical faced waves of price and product scraping that slowed down its storefront and disrupted the live pricing and stock display that powers the online shopping experience. Five years ago, the IT team turned to DataDome for comprehensive, cost-effective protection, and has never looked back. Deployed in just a day, DataDome’s Bot & Agent Trust Management Platform stabilized BPX’s endpoints and restored trustworthy analytics, assuring good performance and user experience during peak periods.

The challenge: Scraping that overwhelmed systems

BPX’s e-commerce experience depends on live back‑end calls that return pricing and stock levels in real time. When a wave of automated scraping caused these calls to overload, the APIs that power both the online store became saturated. Within a few weeks, performance degraded noticeably, affecting page load times and the experience for shoppers during peak periods.

The surge in bot traffic posed a real operational threat to customer experience and back-office continuity.

At the time, BPX’s defenses were basic: a standard CAPTCHA to protect forms and generalized coverage from a security appliance. But the situation called for a solution that could stop high‑volume scraping at the edge and preserve the integrity of systems behind the website.

“Scraping is rife across the Internet, and we have a certain amount of intellectual property tied up to our website, so we needed something pretty much fail-proof and comprehensive”, recalls Adrian Davey, Head of IT at BPX.

The solution: Comprehensive bot protection, fast to deploy, light to run

BPX evaluated several platforms and was impressed by DataDome. “We chose it not just bot protection, but bot protection plus early detection and early warning,” Adrian explains.

Implementation was swift and took less than a day. “The IIS server-side components and front‑end snippets were straightforward, and the instructions were clear,” he says.

After going live, the team noticed they were spending significantly less time on bot mitigation. “We rely on DataDome to do its job and don’t spend much time on analysis. We didn’t want another platform that needed constant tuning.”

Coverage today spans high‑value endpoints, including login and forms, product pages targeted by price scrapers, and the live pricing and stock systems that power real-time product pages. BPX also values precise controls: they can allow their own diagnostic scans when needed, then re‑secure the surface to keep competitor tools out.

The results: Stable systems, clean analytics, and peace of mind

DataDome immediately stopped scraping surges from overwhelming BPX’s digital assets. Over the last 12 months alone, the platform detected and blocked more than 6.6 million automated malicious requests—18.9% of all incoming traffic across protected endpoints. While the main threat that DataDome protects BPX from is scraping, it has also protected them against vulnerability scanning, spamming, and credential‑stuffing attempts.

The reduction in firefighting let IT redirect effort to improvements that matter: “By stabilizing the front-end platform, DataDome allowed better investment and development in other areas that gave greater returns,” says Adrian. The IT team invested in performance and even rebuilt the website, partnering with DataDome on the security side.

On the business side, clean traffic improved conversion rates. “At one point, it was heavily skewed by bot,” says NIcholas Hartwell, E-commerce Manager at BPX Electro Mechanical. “After implementing DataDome, we got our conversion rate back to its regular level, and it’s been fairly stable there.” DataDome helped return them to normal, providing the marketing team with more reliable data for smarter ad spend.

Trust in analytics became a day‑to‑day advantage. “Knowing the traffic we’re receiving is human—unless it’s being blocked or we’ve explicitly allowed it—means I can rely on the numbers I’m seeing in Google and elsewhere,” Nicholas adds.

Crucially, the partnership proved its value during the Log4j crisis. “When we initially spoke, I don’t think we realized just how good DataDome could be,” Adrian explains. “When the Log4j vulnerability was published, we conducted an internal assessment and audit to find out if had affected us. We have software that may be using Log4j dependencies, perhaps buried away in third‑party libraries bundled with other software. We concluded that we weren’t at risk. In the same timeframe, DataDome confirmed they had put Log4j mitigations in place. Knowing the website wasn’t just protected against typical bots and scraping, but also protected against exploit vulnerabilities, was very reassuring. That gave us a level of peace of mind we hadn’t expected, and it reinforced our strong desire to keep DataDome at renewal.”