cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Real User API Security

matthias_scholz
Contributor

How is the abuse of the Real User Monitoring API secured?
From my point of view, the RUM data could currently be quite easily contaminated by means of external requests.

3 REPLIES 3

andreas_grabner
Dynatrace Guru
Dynatrace Guru

Want to add some additional context as Matthias and I initially discussed this question via email and I asked him to post it here as I didnt know the answer either:

"Which mechanisms exist in the Dynatrace RUM API to prevent any misusage or tampering, e.g: sending bogus data or modifying data that is collected?"

Philipp_Kastner
Dynatrace Pro
Dynatrace Pro

Hi Matthias,

 

thanks for reaching out. We do validate the RUM data. However, if someone simulates valid data it is in theory possible to send bogus/fake data. I believe there isn't much we can do about it for real user monitoring of public pages.
This is a problem also other analytics solutions face.

 

That said, there is always the option to only allow traffic from trusted sources or block suspicious sources on the network/firewall level.

 

Kind regards,

Philipp

matthias_scholz
Contributor

Hello Phillip,

 

thank you for your timely feedback.

That's exactly how I thought it would be.

 

Regards

Matthias