Considering that the stock sold out in <1 second by bots, before the DOM of the web page updated, they must have knowledge of the api keys for the site, no?
If a bot invokes the webpage then it would suffer the same issues we all do, even with perfect efficiency the bots would still be waiting 20 minutes..
The conclusion must be that the bots have somehow obtained or predicted the exact links to purchase the page with the exact form submission values to prefill the details.
ie; the bots don't even use a web page to buy. They skip to the card payment immediately.
This can be prevented by a little custom web dev for each launch with a custom token and changing a few element names for calls.
An unreleased acceptance key.
If a bot invokes the webpage then it would suffer the same issues we all do, even with perfect efficiency the bots would still be waiting 20 minutes..
The conclusion must be that the bots have somehow obtained or predicted the exact links to purchase the page with the exact form submission values to prefill the details.
ie; the bots don't even use a web page to buy. They skip to the card payment immediately.
This can be prevented by a little custom web dev for each launch with a custom token and changing a few element names for calls.
An unreleased acceptance key.