Skip to content

Alchemy API Key

Service Name: Alchemy

Service Description: Alchemy is a blockchain development platform that provides APIs and infrastructure for building decentralized applications (dApps) on Ethereum and other blockchain networks. It offers enhanced APIs, developer tools, and monitoring capabilities for Web3 applications.

Service Address: https://www.alchemy.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Alchemy dashboard for API keys

Secret Access Scope: Grants access to Alchemy's blockchain APIs, including node access, NFT APIs, and other Web3 development tools. The scope depends on the specific API key's permissions set in the Alchemy dashboard.

Secret Revokement URL: https://dashboard.alchemy.com/settings/billing-teams

Secret Example: alcht_Kj8UhD2X9fYmQz7LpTrWvN3sBcA5gE6F

Suspicious Activity Investigation Instructions:

  • Review the Alchemy dashboard for unusual API usage patterns or spikes

  • Check API request logs for unauthorized endpoints or unusual request volumes

  • Monitor for requests from unexpected geographic locations

  • Review any blockchain transactions initiated through the compromised API key

  • Check for unauthorized application integrations using the API key

Mitigation Instructions:

  • Log in to your Alchemy dashboard at https://dashboard.alchemy.com/

  • Navigate to "Settings" > "API Keys"

  • Locate the compromised API key

  • Click "Revoke" or "Delete" to immediately invalidate the key

  • Create a new API key with appropriate permissions

  • Update your applications with the new API key

  • Consider implementing more restrictive IP allow lists for the new key

  • Review and update your secret management practices to prevent future exposures

  • Enable additional security features like webhook notifications for suspicious activities