
Dotpe and Software Engineering Discipline


The issue with dotpe API

For the last few hours, dotpe, an Indian startup catering to restaurants, has been in the news for the funny hacks one could do with their API. I am sharing the archived Substack article below for the details. It is a fun read in which a techie found out the most ordered items at different branches of Social bar. He then goes on to hack the API by ordering an item on behalf of a table next to him. Read it to know what items folks in India prefer with their drinks. Damn, I did not know Social is so big (are they open to private equity? :)).

image copyright Pea Bee

Why would a startup miss the basics

But the intention of this post is not to ridicule dotpe. It is clear that they missed enforcing basic authorization for their APIs. It is very unlikely that their engineers didn't know about elementary practices on auth. Most likely it is a case of features overpowering discipline. Someone totally missed modelling the system boundary since "all the API was doing is to order food from menu", only to realize later that once you keep the gate open, anything can walk in. That's the generic take.

More specifically, dotpe probably wanted customers to order food by scanning a QR code without any friction of signup. This resulted in a clientless API sans any ID or possibility of auth. You can think of this as using Postman. It is very likely that someone did point it out internally but lost the argument to the frictionless experience championed by someone with a powerful designation.
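One way to keep scan-and-order free of signup while still authorizing every request, as an added example (not dotpe's code; the function names, token format and two-hour lifetime are assumptions). It covers only the order-time check and assumes session issuance is itself gated, for example by an unguessable per-table value in the QR code.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
SESSION_TTL = 2 * 60 * 60             # assumption: one sitting lasts two hours


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(store_id, table_id, now=None):
    """Issued on QR scan: no signup, but the token is bound to one table."""
    expires = int((time.time() if now is None else now) + SESSION_TTL)
    payload = f"{store_id}|{table_id}|{expires}"
    return f"{payload}|{_sign(payload)}"


def verify_session(token, now=None):
    """Return (store_id, table_id) for a valid, unexpired token, else None."""
    try:
        store_id, table_id, expires, sig = token.split("|")
        deadline = int(expires)
    except ValueError:
        return None  # malformed token
    expected = _sign(f"{store_id}|{table_id}|{expires}")
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if (time.time() if now is None else now) > deadline:
        return None
    return store_id, table_id


def place_order(token, requested_table, item, now=None):
    """Authorize against the table inside the signed token, not the request body."""
    session = verify_session(token, now)
    if session is None:
        return 401, "invalid or expired session"
    store_id, table_id = session
    if requested_table != table_id:
        return 403, "session is not authorized for this table"
    return 200, f"{item} ordered for store {store_id}, table {table_id}"
```
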

This also points at a larger problem, i.e. the lack of regard for the discipline of Software Engineering in the Indian startup industry.

The maturity deficit

As an industry we don't have a good supply of people across experience levels who have built software from the ground up and run it to earn their salary. It is one thing to hire bright engineers with brilliant LeetCode and MBA credentials. But brilliance is not a substitute for wisdom and having nerves. It is in such cases that QoS concerns like auth, performance, maintainability, resilience or other such "-ilities" are very likely missed. Or even if the developers take care of them, they lose out to the "release it now" argument. This is the spectrum from skills to wisdom to nerves. And that is the craft of Software Engineering (as opposed to just code and build).

Dotpe’s redemption

Back to dotpe: they should scrutinize their people dynamics as opposed to punishing the engineer in charge. Better still, they should turn this into a marketing opportunity by releasing monthly dotpe food trends.

Here is the whole story https://web.archive.org/web/20240923081639/https://peabee.substack.com/p/whats-inside-the-qr-code-menu-at
