Skip to content

Akamai API Client Token

Service Name: Akamai Technologies

Service Description: Akamai is a global content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security services, content delivery, and edge computing platforms.

Service Address: https://www.akamai.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the API client level through Akamai's Identity and Access Management system.

Secret Access Scope: Grants programmatic access to Akamai APIs, allowing management of CDN configurations, security settings, and other Akamai services.

Secret Revokement URL: https://control.akamai.com/apps/identity-management/

Secret Example: akab-7dh2n9s6fhx5kqvm-j3u2vw4p9y8xzgtr

Suspicious Activity Investigation Instructions:

  • Review API access logs in the Akamai Control Center for unusual API calls or patterns.

  • Check for configuration changes to CDN settings, security policies, or edge computing resources.

  • Monitor for unauthorized property modifications or new property creations.

  • Verify API call volume and patterns against normal baseline usage.

  • Check for API calls from unusual geographic locations or IP addresses.

Mitigation Instructions:

  • Log in to the Akamai Control Center at https://control.akamai.com/.

  • Navigate to Identity & Access Management.

  • Locate the compromised API client in the list.

  • Revoke the client token by selecting the client and clicking "Revoke".

  • Create a new API client with appropriate permissions to replace the compromised one.

  • Update any applications or services using the old token with the new credentials.

  • Consider implementing more restrictive access controls, such as IP restrictions.

  • Review and update API access policies to follow the principle of least privilege.