Algolia API Key
Service Name: Algolia
Service Description: Algolia is a search-as-a-service platform that provides developers with APIs to build search and discovery experiences within their applications. It offers fast, relevant search functionality with features like typo tolerance, filtering, and personalization.
Service Address: https://www.algolia.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the API key level through Algolia's security settings.
Secret Access Scope: Depending on the key type, it can grant access to search operations, indexing operations, or full administrative control over an Algolia application.
Secret Revokement URL: https://dashboard.algolia.com/account/api-keys
Secret Example: 2b5e4573f969f9f5e9cd74b123456789
Suspicious Activity Investigation Instructions:
-
Review Algolia dashboard logs for unusual search patterns or index modifications
-
Check API usage metrics for unexpected spikes in requests
-
Verify if indices have been unexpectedly modified or deleted
-
Review the API key's permissions and restrictions to understand potential exposure
-
Check for unauthorized applications or services using the API key
Mitigation Instructions:
-
Log in to the Algolia dashboard at
https://dashboard.algolia.com/ -
Navigate to "API Keys" section under your account settings
-
Locate the compromised API key
-
Click "Delete" to revoke the key immediately
-
Create a new API key with appropriate permissions and restrictions
-
Update all legitimate applications to use the new API key
-
Consider implementing more restrictive security measures like:
-
Setting specific referrers for the new key
-
Enabling IP-based restrictions
-
Limiting the key to specific indices
-
Setting appropriate ACLs (Access Control Lists)
-