The Ghost Traffic Problem — Instrumenting API Trust

Mapped every API key and killed 90% of zombie traffic that burned bandwidth and risked data exposure.

API Security • Zero Trust • Monitoring • Cloud
At a glance
  • Problem
    Mapped every API key and killed 90% of zombie traffic that burned bandwidth and risked data exposure.
  • Stack
    API Security • Zero Trust • Monitoring • Cloud
  • Focus
    API Security • Zero Trust • Monitoring
  • Results
    Zombie traffic fell by 90% in two weeks, compute cost dropped 30%, and we discovered a beta client still hitting sensitive endpoints.

Context

During a fintech audit, servers processed thousands of requests per hour even when no customers were online. Legacy test scripts and forgotten clients still had valid keys.

API traffic attribution and key ownership

A central registry maps keys to owners, scopes, and usage.

Rotation and expiration policies eliminate zombie clients.

Zero-trust monitoring with OTel and WAF

API Gateway + WAF enforces throttling while logs explain behavior.

Tracing shows downstream impact for every request.

Architecture

  1. Inventoried every API credential, tagging owners, scopes, and last-used timestamps in a central registry.
  2. Shipped key rotation + expiration policies enforced via CI, so stale keys stop the build.
  3. Fronted services with API Gateway + WAF adaptive throttling while pushing logs to CloudWatch + Grafana for behavior insights.
  4. Instrumented OpenTelemetry traces end-to-end so we could explain every successful request and its downstream impact.
  5. Set up anomaly alerts when frequency or geography shifted outside baselines.
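
One way to implement the registry check from steps 1 and 2, as an added example that is not the project's own code. The registry fields (key_id, owner, scopes, expires_at, last_used_at), the 30-day idle window and the sample entries are assumptions; the case study does not give its schema or thresholds.

```python
"""CI gate over an API key registry. Schema and thresholds are assumptions."""
import sys
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=30)  # assumed idle window; the case study gives no figure

# Constructed sample registry: key ids, owners, scopes and dates are made up.
SAMPLE_REGISTRY = [
    {"key_id": "k-billing", "owner": "payments-team", "scopes": ["invoices:read"],
     "expires_at": "2024-07-30T00:00:00+00:00", "last_used_at": "2024-06-14T09:00:00+00:00"},
    {"key_id": "k-beta-client", "owner": None, "scopes": ["accounts:read"],
     "expires_at": None, "last_used_at": "2024-06-15T02:00:00+00:00"},
    {"key_id": "k-load-test", "owner": "qa-team", "scopes": ["*"],
     "expires_at": "2024-07-19T00:00:00+00:00", "last_used_at": "2024-04-22T00:00:00+00:00"},
]

def audit_key(entry, now):
    """Return the policy violations for one registry entry (empty list = clean)."""
    problems = []
    if not entry.get("owner"):
        problems.append("no owner")
    scopes = entry.get("scopes") or []
    if not scopes or "*" in scopes:
        problems.append("missing or wildcard scope")
    expires = entry.get("expires_at")
    if expires is None:
        problems.append("never expires")
    elif datetime.fromisoformat(expires) <= now:
        problems.append("expired")
    last_used = entry.get("last_used_at")
    if last_used is None or now - datetime.fromisoformat(last_used) > MAX_IDLE:
        problems.append("idle beyond window")
    return problems

def audit_registry(registry, now):
    """Map key_id -> violations, leaving out keys that pass every check."""
    report = {e["key_id"]: audit_key(e, now) for e in registry}
    return {key_id: found for key_id, found in report.items() if found}

if __name__ == "__main__":
    findings = audit_registry(SAMPLE_REGISTRY, datetime.now(timezone.utc))
    for key_id, problems in findings.items():
        print(f"{key_id}: {', '.join(problems)}")
    sys.exit(1 if findings else 0)  # non-zero exit fails the CI job
```

Run as a pipeline step against the exported registry; any finding returns a non-zero exit code, which is what makes a stale key stop the build.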

Security / Threat Model

  • API keys never expired and weren’t tied to owners.
  • Forgotten integrations hammered prod endpoints daily.
  • Rate limiters blocked traffic but offered zero attribution.
  • No single view of how requests flowed across microservices.

Tradeoffs & Lessons

Security starts with knowing who is talking to you. If you can’t explain a request, you’ve already lost observability — and maybe data.

Results

Zombie traffic fell by 90% in two weeks, compute cost dropped 30%, and we discovered a beta client still hitting sensitive endpoints. The visibility work turned into a Zero Trust roadmap for the org.

Stack

API Security • Zero Trust • Monitoring • Cloud

FAQ

What is ghost traffic?

Requests from forgotten clients and stale API keys that still hit production.

How was it reduced?

Key inventory, rotation, expiration policies, and anomaly alerts.

What was the outcome?

Traffic and costs dropped while visibility and trust improved.
