Skip to content

Akamai API Credentials

Service Name: Akamai Technologies

Service Description: Akamai Technologies is a global content delivery network (CDN), cybersecurity, and cloud service company, providing web and Internet security services, content delivery, and edge computing platforms.

Service Address: https://www.akamai.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the API client level through the Akamai Control Center.

Secret Access Scope: Grants programmatic access to Akamai's APIs for managing CDN configurations, security settings, edge computing functions, and other Akamai services.

Secret Revokement URL: https://control.akamai.com/apps/identity-management/

Secret Example: akab-xxxxxxxxxxxxx-xxxxxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxx=

Suspicious Activity Investigation Instructions:

  • Review API access logs in the Akamai Control Center for unusual activity.

  • Check for unauthorized configuration changes to CDN settings, security rules, or property configurations.

  • Monitor for unexpected changes to DNS settings or edge computing functions.

  • Verify if there are any unusual traffic patterns or security events reported in the Akamai dashboard.

  • Review audit logs for API calls made with the compromised credentials.

Mitigation Instructions:

  • Log in to the Akamai Control Center at https://control.akamai.com/.

  • Navigate to Identity Management under the Account menu.

  • Locate the API client associated with the compromised credentials.

  • Deactivate or delete the API client to immediately revoke access.

  • Create a new API client with fresh credentials if needed.

  • Update all applications, scripts, or systems that were using the old credentials.

  • Consider implementing more restrictive access controls for the new API client, such as IP restrictions or limited permissions.

  • Review and update security policies to prevent future credential exposure.