Skip to content

Agora API Keys

Service Name: Agora.io

Service Description: Agora.io is a real-time engagement platform that provides SDKs for adding voice, video, messaging, and interactive live-streaming capabilities to applications. It offers a cloud infrastructure for developers to build real-time communication features.

Service Address: https://www.agora.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Agora Console under Security settings.

Secret Access Scope: Grants access to Agora's Real-Time Communication (RTC) services, including voice and video calls, interactive broadcasting, and messaging features. The API key allows developers to authenticate their applications with Agora's platform.

Secret Revokement URL: https://console.agora.io/projects

Secret Example: 061a29867e9d4ed0a33d9a8cd56b8ab3

Suspicious Activity Investigation Instructions:

  • Log into the Agora Console and review the usage analytics for unusual traffic patterns.

  • Check for unexpected spikes in minutes used or concurrent users.

  • Review the project settings to ensure no unauthorized changes have been made.

  • Examine the IP addresses that have been accessing your Agora services.

  • Monitor for unusual geographic access patterns in the analytics dashboard.

  • Review any third-party integrations that might be using your Agora credentials.

Mitigation Instructions:

  • Log into the Agora Console at https://console.agora.io/

  • Navigate to the Projects section.

  • Select the affected project.

  • Click on the "Edit" button for the project.

  • Generate a new App ID and/or App Certificate.

  • Update your applications with the new credentials.

  • Enable IP whitelisting in the Security settings if not already enabled.

  • Enable token authentication for additional security.

  • Review and update any webhook URLs or callback configurations.

  • Consider implementing temporary tokens with short lifespans for enhanced security.