As the Indian multilingual microblogging platform scales past 30 million downloads, enhances creator happiness and provides users with a safe and reliable interface, Koo uses Cloudflare to secure the API endpoints, mitigate threats and prevent bot attacks

Launched in March 2020 to empower internet users to express themselves online in their mother tongue, Koo became India's go-to micro-blogging platform by addressing the core internet use case of 'expression'. Today, with over 30 million downloads and growing, the platform is riding the wave of India’s recent widespread mobile phone adoption and universal Internet access. In a country with over one billion people that speak over 22 official languages, Koo gives users outside the English-speaking community an online voice.

Koo invites users to come online to share their thoughts and opinions in a language of their choice, engage with distinct linguistic communities, and celebrate events of regional, national and international importance on the platform. Koo's innovative features such as the multi-lingual Koo (MLK) enable the real-time translation of a message across the 10 languages currently offered by the platform, while retaining the sentiment attached to the original message. This feature truly democratizes the voice of users by enabling them to reach out to speakers of other languages, thus amplifying their outreach. Koo also serves a growing volume of users and user-generated content at the national and local levels as more personalities, media outlets, and regional adopters come on board.

“We grow by moving forward and expanding our services based on user feedback,” explains Phaneesh Gururaj, Chief Technology Officer, Koo.

Challenge: Securing a newly-developed and rapidly-expanding social media platform

Koo’s Site Reliability Engineering (SRE) team faced the task of keeping an API-intensive, largely-unsecured new platform and their users safe while improving performance and enhancing their Android and iOS app and browser experience. Then there was the urgent issue of scaling up to meet overwhelming demand.

“As Koo started getting popular across India, we saw a sudden surge in our API traffic. We quickly had to ensure all things related to security were tightened; right caching strategies and policies were put in place, API level throttling was configured - all this had to be done on a war footing,” says Gururaj.

Koo needed a flexible and secure content delivery solution they could implement out-of-the-box.

A seamless Cloudflare implementation, under pressure

Koo adopted Cloudflare within their first six months of operation. The company based their decision on the recommendations of their network partners.

Despite the Koo team’s limited exposure to the Cloudflare product suite and the pressure of the platform’s rapidly growing subscriber base, integrating Cloudflare services with Koo’s existing infrastructure was a smooth and seamless process.

“With the support of the Cloudflare team, we were able to achieve our objectives and secured our infra in a week,” says Gururaj. “After that, they worked with us on our back-end migration to establish the best security infrastructure and security best practices.”

With the system locked down, the team was available to continue its development arc and implement additional Cloudflare features.

Cloudflare WAF and Bot Management ensure API security and block impersonation and emulation attacks

Koo leans heavily on APIs to do everything from posting live user content and language-pair translations to processing video uploads on the fly. With their APIs exposed to the Internet, Koo was vulnerable to DDoS, daisy-chain, and zero-day attacks. The company needed visibility into the sources of the attacks and the ability to block them before they could do damage.

Cloudflare gave Koo the security and insight it lacked.

“Over a 30-day period, Cloudflare automatically blocks around 120 million malicious payloads for us,” says Gururaj. “Using Cloudflare, we can analyze harmful traffic patterns and fine-tune our bot management and WAF rules. When the patterns show malicious traffic coming from a specific country, we can block that, too.”

“We work on a continuous basis to ensure our user data is secure and protected as we provide users with a genuine, safe and reliable experience," says Gururaj.

Cloudflare maintains customer trust by protecting Koo users from credential stuffing, emulation, and impersonation attacks. Thanks to Cloudflare Managed Rulesets and Open Web Application Security Project (OWASP) threat protection, Koo APIs are always safeguarded from threats — whether users access them via their browser or mobile device.

Eliminating high overage fees with Cloudflare Rate Limiting

Where Koo APIs need to remain open and available, the company relies on Cloudflare Rate Limiting. A prime example of this is the SMS one-time password (OTP) APIs Koo uses to verify users’ identities when they log in, or sign up for an account.

“We want our users to experience the least amount of friction when they use the app, but SMS APIs are quite vulnerable,” says Gururaj. “Without Cloudflare Rate Limiting, we would be bombarded with very hefty SMS bills.”

With Cloudflare, Koo can mitigate vulnerabilities, configure thresholds, define traffic, and customize API responses without disrupting the user experience.

Cloudflare accelerates and improves site performance, technical automation, and user experience

To Koo, the benefits of adopting Cloudflare aren’t limited to security. Using the Cloudflare global cloud network, the company has significantly increased the performance and reliability of their in-browser experience.

“When our website loads, the Cloudflare cache ensures that our static elements, JavaScript, and CSS bundles all download from the edge network and kick in effectively,” says Gururaj. “Using the Cloudflare console, we can tweak the configurations to improve our caching and load times.”

According to Gururaj, the Cloudflare cache also streamlines Koo’s upgrade and technical automation pipeline. “With every planned release, it is painless to maintain and regenerate our caches.”

Koo also improved their experience using another out-of-the-box Cloudflare tool to personalize each user’s sign-up and first log-in. With the Cloudflare IP to Geolocation API, Koo users from each region experience the platform in their local language by default. Best of all, the Koo team added the customization with minimal engineering effort.

“It’s a benefit we didn’t anticipate,” Gururaj adds, “but a welcome screen in the user’s own language improves their understanding of Koo, increases retention and helps to build a sticky user journey on the platform. It's a simple use case with a significant impact.”

Scaling up with Cloudflare

Since the company started using Cloudflare, Koo’s traffic has increased by 1600%. Gururaj puts the platform’s growth into perspective:

“Koo sees an average of 2.5 billion hits per month on our APIs and another 500 million hits on our website from Koo products. All of that traffic talks to our back-end infrastructure through an API endpoint. Cloudflare plays a critical role securing and making sure that endpoint is always up and running.”

As a fast-growing social media platform with a significant presence in metropolitan cities as well as the tier II and tier III towns in India, Koo also witnesses bandwidth spikes and surges. Cloudflare helps to ease this load.

“When our traffic jumps 10x due to a trending hashtag or a major celebrity signing on, it doesn’t cause any scaling issues,” says Gururaj. “We work very well in parallel with the Cloudflare team.”

As Koo continues to scale aggressively in India, with plans afoot to attain 100 million downloads, and offer its breakthrough features in all the 22 official Indian languages, the platform seeks to collaborate and engage closely with Cloudflare.

“The kind of growth that we envision for Koo will require a lot of planning and engagement with the Cloudflare team. For Koo, the key benefit of having adopted Cloudflare has been the comprehensive protection that it provides. We have resolved every issue that was of concern, and we will continue to work as keen partners going ahead - in our journey to provide users with an immersive, superior and enriching language experience online," says Gururaj.

Related Case Studies
Key Results
  • With Cloudflare Rate Limiting, Koo detects and neutralizes 120 million malicious payloads per month

  • Cloudflare helps protect Koo's users from credential stuffing, impersonation, and emulation attacks

  • Koo uses Cloudflare to secure 2.5 billion API calls and 500 million website hits every month

We work on a continuous basis to ensure our user data is secure and protected as we provide users with a genuine, safe and trustworthy experience. Cloudflare helps us to maintain that trust.

Phaneesh Gururaj
Chief Technology Officer

Using Cloudflare, we can analyze harmful traffic patterns and fine-tune our bot management and WAF rules. When the patterns show malicious traffic coming from a specific country, we can block that too.

Phaneesh Gururaj
Chief Technology Officer