Hacking the McDonalds API
Discover how to explore the McDonald's API, learn about its uses, and understand the legal implications and security measures. Get started with tools and tips for ethical hacking.
What if I told you McDonald's doesn't have a public API? Better yet, what if someone spent the time going through the McDonald's online order process to figure out how to interact with the online ordering system to see if the McSundae machine is online?
The Verge actually interviewed Rashiq figuring out how he stumbled across the API and why he created McBrokenwas out of service.
The brains behind the project Rashiq. The brains behind the project, Rashiq reverse, engineered McDonald's internal API. Rashiq places an order worth $18,752 every minute at every McDonald's in the United States to determine which locations have a broken ice cream machine (Very Important machine, BTW). The Mc Sundae DDOS order attack is processed at over 14,000 locations every minute for an order worth $18,752. That's a lot of ice cream, folks. I feel challenged. Rashiq only places an order, which then triggers the notification if the machine is online or not, but he doesn't make a purchase.
The data is then visualized on a map of the US, showing the status of the ice cream machine at every McDonald's location. Brilliant! This is probably one of the best use cases for companies to open their APIs. The Director of McDonald's analytics even said, "I'm Lovin' It."...Do do dee dee <insert theme song in your head>. Also, Mcdonald's head of communications tweeted:
Only a true @McDonalds fan would go to these lengths to help customers get our delicious ice cream! So, thanks! We know we have some opportunities to consistently satisfy even more customers with sweet treats and we will.
— David Tovar (@dwtovar) October 23, 2020
One of my favorite tweets from this project is when Rashiq slams Kubernetes in the process.
it's incredible to me that a $5 digital ocean box can serve traffic for 200k unique visitors and yet there's startups out there who deploy their landing pages with kubectl
— rashiq (@rashiq) October 23, 2020
Are we overcomplicating our Projects?
The project validates that we are overcomplicating most of our technology decisions by a huge margin. If you consider that Rashiq is powering his McBroken application to scrape the McDonald's API every minute and handle 200k daily visitors to the website with a $5 Digital Ocean server, then we should seriously evaluate what we are building for our projects.
For most projects, I don't see the need for Kubernetes, let alone some of the tools we throw at some projects. Yes, the buzzword army will rain terror down on me for frowning on deploying the latest Javascript language or using the latest feature from a Cloud Service. I always reference Pieter Levels the serial Startup entrepreneur who powers most of his successful startups using PHP and a single cloud instance. Pieter has mentioned several times it is better to keep it simple with tools you know than overcomplicate projects.
McBroken Project Statistics
- Approximately 16 million interactions with the McBroken map
- 1.5 million unique users
- one major outage, lasting about 1h. Rashiq, the creator was offline...sleeping
Check out the McBroken Application
FAQ Section: Hacking the McDonald's API
What is the McDonald's API and why would you want to hack it? The McDonald's API is a set of programming tools provided by McDonald's for developers to interact with their data and services. Hacking it refers to exploring its features, finding vulnerabilities, or utilizing it in ways beyond its intended use, often to access exclusive offers or automate orders.
Is it legal to hack the McDonald's API? Hacking the McDonald's API, especially for malicious purposes or without permission, is illegal and against McDonald's terms of service. Ethical hacking, or testing the API for security flaws with the intention of reporting them, is often permissible with prior authorization.
What tools do I need to start exploring the McDonald's API? To explore the McDonald's API, you need basic programming knowledge, a tool for making HTTP requests (like Postman or curl), and access to the API documentation. Understanding JSON and RESTful API concepts is also beneficial.
What are some common uses for the McDonald's API? Common uses for the McDonald's API include checking menu items and prices, locating nearby restaurants, placing orders, and accessing promotions or discounts. Developers might also use the API to build custom applications or integrations with other services.
How can I ensure my interactions with the McDonald's API are secure? To ensure secure interactions with the McDonald's API, always use HTTPS for encrypted communication, avoid hardcoding sensitive information like API keys, and regularly update your software to patch any security vulnerabilities. Additionally, follow best practices for API security, such as using authentication and authorization mechanisms.
Follow me
If you liked this article be sure to Follow Me on Twitter to stay updated!