Delivering Security at Speed with Finite State
How augustwenty built and delivered a scalable REST API under pressure—meeting customer demands and exceeding expectations.
Security at the Speed of Innovation
Client Overview
- Client: Finite State
- Industry: Cybersecurity
- Mission: Finite State automates product security for connected devices and embedded systems. Their goal is to empower developers and security teams to deliver products with confidence—ensuring connected systems meet the highest security standards in a fast-changing world.
The Challenge: A REST API Under Tight Deadlines
Finite State already had a Postgres database wrapped by a GraphQL API that powered their internal UI. However, customers preferred REST APIs—and competitors already offered them.
Finite State needed to:
- Deliver a REST API with three core endpoints:
  - Upload firmware for analysis
  - Return a list of firmware issues
  - Generate reports
- Provide secure authentication tokens for customers.
- Meet a hard deadline of December 15, 2021—just weeks away.
The risks were high: without a REST API, Finite State risked losing ground to competitors and disappointing their customers.
Our Approach: Collaborating to Meet the Deadline
Finite State turned to augustwenty for help. Instead of reinventing the wheel, we built on their strong existing infrastructure, which included reproducible Terraform files, AWS CodeBuild pipelines, Kubernetes clusters, and centralized metrics/logging in CloudWatch.
This solid foundation allowed us to focus on rapid API development rather than infrastructure setup.
Solution Discovery: Mapping the Obstacles
Each endpoint presented unique challenges:
- Upload Endpoint: Firmware files could exceed 5 GB, larger than S3 accepts in a single upload request, so a custom chunked (multipart) upload solution was required.
- Issues Endpoint: The issues data came from a complex internal GraphQL model with undocumented resolvers. It required reverse engineering and careful aggregation to deliver customer-ready results.
- Reports Endpoint: Generating a report could take minutes, creating a risk of request timeouts. We had to choose between asynchronous processing and extending infrastructure-wide timeouts.
Implementation: Strategy of Development
To deliver on time, we used an MVP-first approach, focusing on core functionality before layering on enhancements.
Key steps:
- Collaborated with the product owner to prioritize requirements.
- Split responsibilities across developers: one handled multipart uploads, one worked on Django authentication, and one built the token management UI.
- Maintained close communication across product, ops, backend, UI, and security teams.
Challenges We Overcame
- Large Uploads: Built and tested a robust chunked upload mechanism for multi-gigabyte firmware files.
- Opaque Data Models: Reverse engineered undocumented GraphQL resolvers to deliver a usable, paginated “issues” endpoint.
- Long Report Generation: Balanced customer needs with infrastructure constraints, designing a solution that supported both synchronous and asynchronous use cases.
Results: Delivered On Time—and Beyond
On December 15, 2021, the new REST API went live:
- Fully functional with all three endpoints.
- Secured with managed authentication tokens.
- Packaged with single-page documentation for customer integration.
In the months that followed, we enhanced the API further:
- Added Swagger documentation for comprehensive developer reference.
- Implemented dynamic token generation.
- Expanded features like SPDX report types, bookmarking, filtering, and data discovery.
The success of the project was recognized internally as well—Finite State’s product owner, Bryan, was promoted to lead the product organization.
Smooth Transition: Long-Term Confidence
To ensure lasting success, we:
- Conducted knowledge transfer sessions with Finite State’s developers.
- Provided documentation for API maintenance and scalability.
- Left behind a solution that was future-ready and easy to extend.
By project close, Finite State had:
- A fully operational, scalable REST API.
- Seamless authentication management.
- Strong documentation and infrastructure for future growth.
Technologies Used
- Backend: Python, Django
- File Handling: Multipart uploads to S3
- Security: Managed authentication tokens
- Documentation: Swagger
- Infrastructure: Terraform, AWS, Kubernetes
Conclusion: Secure, Scalable, and On Time
With augustwenty’s partnership, Finite State transformed customer demand into a delivered solution—meeting a high-stakes deadline and strengthening their product offering.
Key Takeaways:
- On-Time Delivery: REST API live by the December 15 deadline.
- Customer Retention: Matched competitors’ offerings and kept clients happy.
- Enhanced Features: Expanded functionality beyond initial requirements.
- Future Ready: Scalable, documented, and secure for ongoing success.