Agora API Keys
Service Name: Agora.io
Service Description: Agora.io is a real-time engagement platform that provides SDKs for adding voice, video, messaging, and interactive live-streaming capabilities to applications. It offers a cloud infrastructure for developers to build real-time communication features.
Service Address: https://www.agora.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Agora Console under Security settings.
Secret Access Scope: Grants access to Agora's Real-Time Communication (RTC) services, including voice and video calls, interactive broadcasting, and messaging features. The API key allows developers to authenticate their applications with Agora's platform.
Secret Revokement URL: https://console.agora.io/projects
Secret Example: 061a29867e9d4ed0a33d9a8cd56b8ab3
Suspicious Activity Investigation Instructions:
-
Log into the Agora Console and review the usage analytics for unusual traffic patterns.
-
Check for unexpected spikes in minutes used or concurrent users.
-
Review the project settings to ensure no unauthorized changes have been made.
-
Examine the IP addresses that have been accessing your Agora services.
-
Monitor for unusual geographic access patterns in the analytics dashboard.
-
Review any third-party integrations that might be using your Agora credentials.
Mitigation Instructions:
-
Log into the Agora Console at
https://console.agora.io/ -
Navigate to the Projects section.
-
Select the affected project.
-
Click on the "Edit" button for the project.
-
Generate a new App ID and/or App Certificate.
-
Update your applications with the new credentials.
-
Enable IP whitelisting in the Security settings if not already enabled.
-
Enable token authentication for additional security.
-
Review and update any webhook URLs or callback configurations.
-
Consider implementing temporary tokens with short lifespans for enhanced security.