Hacking the McDonalds API

What if I told you McDonalds doesn't have a public API. Better yet, what if someone spent the time going through the McDonalds online order process to figure out how to interact with the online ordering system to see if the Mc Sundae machine is online or not.

The Verge actually interviewed Rashiq figuring out how he stumbled across the API and why he created McBroken. Basically, Rashiq went to a McDonalds to order an ice cream and...you guessed it the ice cream machine was out of service.

The brains behind the project Rashiq reverse engineered McDonald's internal API. Rashiq places an order worth $18,752 every minute at every McDonald's in the United States to figure out which locations have a broken ice cream machine (Very Important machine BTW). The Mc Sundae DDOS order attack is processed at over 14,000 locations every minute for an order worth $18,752. That's a lot of ice cream folks. I feel challenged. Rashiq only places an order which then triggers the notification if the machine is online or not but doesn't make a purchase.

The data is then visualized on a map of the US showing the status of the ice cream machine at every McDonald's location. Brilliant! This is probably one of the best use cases for companies to open their APIs. The Director of McDonalds analytics even reached out to say "I'm Lovin' It"...Do do dee dee <insert theme song in your head>. Also, McDonalds head of communications tweeted:

One of my favorite tweets out of this project is when Rashiq throws some shade at Kubernetes in the process.

Are we overcomplicating our Projects

The project validates we are over complicating most of our technology decisions by a huge margin. If you consider Rashiq is powering his McBroken application to scrape the McDonalds API every minute + handle 200k daily visitors to the website with a $5 Digital Ocean server then we should seriously evaluate what we are building for our projects.

For most projects I don't see the need for Kubernetes let alone some of the tools we are throwing at some projects. Yes, the buzzword army will rain terror down on me for frowning on deploying the latest Javascript language or using the latest feature from a Cloud Service. I always reference Pieter Levels the serial Startup entrepreneur who powers most of his successful startups using PHP and a single cloud instance. Pieter has mentioned several times it is better to keep it simple with tools you know than overcomplicate projects.

McBroken Project Statistics

  • Approximately 16 million interactions with the McBroken map
  • 1.5 million unique users
  • one major outage, lasting about 1h. Rashiq, the creator was offline...sleeping

Check out the McBroken Application

mcbroken
is the mcdonald’s ice cream machine broken?
Brian Christner

Brian Christner

Brian is a nominated member of the Docker Captain’s program and a seasoned DevOps engineer specializing in Docker, Cloud Native, DevOps, and Monitoring.
Switzerland