Dohop, a B2B travel platform providing turnkey technologies to industry partners, was faced with persistent scraping attacks that overwhelmed its internal defenses and strained the APIs of its airline partners. After ineffective manual mitigation attempts, they turned to DataDome. The real-time cyberfraud and bot protection solution proved essential, blocking malicious traffic and safeguarding critical endpoints. Today, Dohop relies on DataDome to protect its infrastructure, ensure its reliability, and uphold the trust of its 75+ international airline partners. 

The challenge: Scraper bots crippling Dohop’s systems & straining partners’ APIs

Dohop is a SaaS company that helps airlines integrate customized search and booking services into their own websites. Dohop is therefore responsible not only for delivering a seamless digital experience but also for protecting the infrastructure of some of the world’s leading airlines.

Like any company working with competitive pricing data, Dohop became a prime target for scraping bots. These bots were overwhelming the platform’s internal defenses and flooding partner airline APIs with illegitimate traffic. “We saw traffic spikes that were 10 to 100 times above normal,” recalls Kristjan Gudni Bjarnason, CTO of Dohop. “It was clear this wasn’t human behavior but scraping activity.”

The attacks put a strain on Dohop’s systems and caused concern among its airline partners. When bots attacked the white-label booking pages hosted by Dohop, it resulted in a surge of unnecessary API calls to airlines’ systems, which could jeopardize performance, placing partner relationships at risk. “We are a B2B company—our reputation depends on securing services under brands like Air France, EasyJet, etc. Protection was non-negotiable,” says Kristjan.

With his team, they tried to manually mitigate the bad bots using firewalls and load balancers, but it was a losing battle. “I could block the obvious scrapers, but the sophisticated bots adapted. It wasn’t something we could solve internally,” Kristjan says. That is why Dohop looked for a solution like DataDome. 

The solution: Industry-leading bot mitigation built by experts

The security team needed a solution that could stop scraping bots in real time, but also work well within their technical ecosystem and meet their business expectations. “We were looking for a company that primarily focused on bot protection, not a vendor trying to do everything at once,” says the CTO.

Cost transparency was as important as technical credibility. Kristjan consulted airline partners and security teams for references. He was looking for a vendor with a strong reputation and a proven ability to protect high-stakes digital platforms. He also wanted excellent documentation to reduce back-and-forth during integration. As Dohop’s infrastructure is hosted across AWS and Vercel, any solution needed to work seamlessly in that environment. 

They therefore carried out a Proof-of-Concept with DataDome. Within a month, they were convinced by Bot Protect: the dashboard provided real insights, and the team behind the product was responsive and collaborative. Although the integration revealed some complexities, like routing API and frontend traffic across different subdomains, DataDome worked closely with Dohop to troubleshoot and adjust. 

The commitment of both parties paid off. “It was a bit of a rocky start,” Kristjan admits, “but the team listened, adapted, and ultimately provided a solution that really works for us.”

“DataDome helped Dohop cut bot traffic by 70% during peak travel season, blocking over 3 million malicious requests in a month and keeping 75+ airline partners protected when it matters most.”

The results: Scrapers blocked, partnerships protected, & stability restored

Once DataDome was fully deployed, the impact was immediate. The chaotic traffic spikes that used to overwhelm Dohop’s systems were brought under control. Our cyberfraud protection platform blocked bad bots in real time, and the pressure on their partner APIs disappeared. 

During the initial 7-day evaluation period in January, right at the start of peak travel season, DataDome detected 2.6 million malicious bot requests on all Dohop’s endpoints. Extrapolated across a full month, that equates to more than 10 million potentially harmful requests. One year later, during the same peak period, DataDome had blocked 3.2 million bad bots in just 30 days— a 70% reduction compared to the initial estimate, again during the peak tourist season, when booking volumes and competitive scraping activity are generally at their highest. In short, Dohop now sees 70% fewer bots targeting its platforms compared to before deploying DataDome, especially when it matters most.

Kristjan described moments during the integration phase when the protection had to be temporarily disabled, and how quickly the consequences followed. “We’d start receiving complaints from our airline partners, who were experiencing degraded service,” he recalls. “So yes—the impact is obvious. Without DataDome, we couldn’t reliably run our service.” 

Internally, the shift was just as significant. Time and energy previously spent on bot mitigation could now be redirected toward product innovation and strategic priorities. For Kristjan, that’s where the true value of the partnership lies. “We need this service 24/7, and it meets our expectations. The product works. The team listens. They have tailored it to our needs. That’s exactly what you would expect from a security partner.”

You too can try DataDome’s free Vulnerability Scan and get instant visibility into your risk level. No impact on performance, no strings attached.