Alchemy API Key
Service Name: Alchemy
Service Description: Alchemy is a blockchain development platform that provides APIs and infrastructure for building decentralized applications (dApps) on Ethereum and other blockchain networks. It offers enhanced APIs, developer tools, and monitoring capabilities for Web3 applications.
Service Address: https://www.alchemy.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Alchemy dashboard for API keys
Secret Access Scope: Grants access to Alchemy's blockchain APIs, including node access, NFT APIs, and other Web3 development tools. The scope depends on the specific API key's permissions set in the Alchemy dashboard.
Secret Revokement URL: https://dashboard.alchemy.com/settings/billing-teams
Secret Example: alcht_Kj8UhD2X9fYmQz7LpTrWvN3sBcA5gE6F
Suspicious Activity Investigation Instructions:
-
Review the Alchemy dashboard for unusual API usage patterns or spikes
-
Check API request logs for unauthorized endpoints or unusual request volumes
-
Monitor for requests from unexpected geographic locations
-
Review any blockchain transactions initiated through the compromised API key
-
Check for unauthorized application integrations using the API key
Mitigation Instructions:
-
Log in to your Alchemy dashboard at
https://dashboard.alchemy.com/ -
Navigate to "Settings" > "API Keys"
-
Locate the compromised API key
-
Click "Revoke" or "Delete" to immediately invalidate the key
-
Create a new API key with appropriate permissions
-
Update your applications with the new API key
-
Consider implementing more restrictive IP allow lists for the new key
-
Review and update your secret management practices to prevent future exposures
-
Enable additional security features like webhook notifications for suspicious activities