Amplitude API Key
Service Name: Amplitude
Service Description: Amplitude is a product analytics platform that helps companies understand user behavior, optimize product experiences, and drive business growth through data-driven insights.
Service Address: https://amplitude.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Amplitude's security settings.
Secret Access Scope: Grants programmatic access to Amplitude's analytics API, allowing data ingestion, querying analytics data, and managing user properties.
Secret Revokement URL: https://help.amplitude.com/hc/en-us/articles/360058073772-Create-and-manage-API-keys
Secret Example: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Review Amplitude audit logs for unusual API calls or data access patterns.
- Check for unexpected spikes in API usage or data export activities.
- Monitor for unauthorized project access or unusual query patterns.
- Examine IP addresses and locations accessing the API for anomalies.
- Review any changes to user properties or event schemas that weren't planned.
Mitigation Instructions:
- Log in to your Amplitude dashboard and navigate to Settings > Projects.
- Select the relevant project where the key is used.
-
Go to the "API Keys" section.
-
Locate the compromised API key and click "Revoke" or "Delete".
- Generate a new API key if needed.
- Update all legitimate applications and services with the new API key.
- Review and adjust API key permissions to follow the principle of least privilege.
- Consider implementing IP restrictions for API access if not already in place.