Skip to content

Akamai API Client Secret

Service Name: Akamai

Service Description: Akamai Technologies is a global content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security services, content delivery, and edge computing platforms.

Service Address: https://www.akamai.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the API client level through Akamai's Identity and Access Management.

Secret Access Scope: Grants programmatic access to Akamai APIs and services, allowing management of CDN configurations, security settings, and other Akamai platform features.

Secret Revokement URL: https://control.akamai.com/apps/identity-management/

Secret Example: akab1234567890abcdef1234567890abcdef12345

Suspicious Activity Investigation Instructions:

  • Review API access logs in the Akamai Control Center for unusual API calls or patterns.

  • Check for unauthorized configuration changes to CDN settings, security policies, or edge computing resources.

  • Monitor for unexpected traffic patterns or resource usage in your Akamai account.

  • Verify if there are any new API clients or credentials that were created without authorization.

  • Review the IP addresses that have been using the API credentials for any suspicious locations.

Mitigation Instructions:

  • Log in to the Akamai Control Center at https://control.akamai.com/.

  • Navigate to Identity & Access Management > API Clients.

  • Locate the compromised API client.

  • Either delete the API client entirely or regenerate the client secret.

  • If regenerating, update the secret in all legitimate applications using the API.

  • Consider implementing IP restrictions for API access if not already in place.

  • Review and adjust the permissions assigned to the API client to ensure the Principle of Least Privilege.

  • Enable enhanced security monitoring for API activities.