API Fortress API Key
Service Name: API Fortress
Service Description: API Fortress is a comprehensive API testing and monitoring platform that helps organizations ensure the quality, performance, and reliability of their APIs. It provides tools for functional testing, load testing, security testing, and continuous monitoring of APIs.
Service Address: https://apifortress.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through API Fortress dashboard settings.
Secret Access Scope: Grants programmatic access to API Fortress platform, allowing test creation, execution, and management of API monitoring activities.
Secret Revokement URL: https://apifortress.com/app/#/settings/apikeys
Secret Example: apif-1234abcd5678efgh9012ijkl3456mnop
Suspicious Activity Investigation Instructions:
- Review API Fortress audit logs for unusual API calls or test executions
- Check for unauthorized test creations or modifications
- Monitor for unusual API testing patterns or high-volume test executions
- Verify if the API key has been used from unexpected geographic locations
- Examine any changes to test configurations or monitoring settings
Mitigation Instructions:
- Log in to your API Fortress account
- Navigate to Settings > API Keys
-
Locate the compromised API key
-
Click the "Revoke" or "Delete" button next to the key
- Generate a new API key with appropriate permissions
- Update any legitimate applications or services using the old key
- Consider implementing more restrictive IP allowlisting for API key usage
- Review and update access control policies for your API Fortress account