Auth0 API Keys
Service Name: Auth0
Service Description: Auth0 is an identity management platform that provides authentication, authorization, and user management services for web, mobile, and legacy applications. It offers features like single sign-on, multi-factor authentication, social login, and enterprise connections.
Service Address: https://auth0.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the tenant level through Auth0 Dashboard under Security > Allowed IPs.
Secret Access Scope: Auth0 API keys grant access to the Auth0 Management API, allowing management of users, clients, connections, rules, and other Auth0 resources.
Secret Revokement URL: https://manage.auth0.com/#/apis
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL215LWF1dGgwLWRvb WFpbi5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8MTIzNDU2Nzg5MCIsImF1ZCI6ImFiY2RlZmdo aWprbG1ub3BxcnN0dXZ3eHl6MTIzNCIsImlhdCI6MTUxNjIzOTAyMn0.signature
Suspicious Activity Investigation Instructions:
- Review Auth0 logs for unusual login attempts or API calls in the Auth0 Dashboard.
- Check for unexpected changes to user accounts, applications, or connections.
- Monitor for unusual geographic access patterns or access from unfamiliar IP addresses.
- Review API usage metrics for abnormal spikes in activity.
- Check for unauthorized creation of new applications or API clients.
Mitigation Instructions:
- Rotate the compromised API key immediately in the Auth0 Dashboard.
- Navigate to Applications > APIs in the Auth0 Dashboard.
- Select the affected API and generate a new secret.
- Update all legitimate applications with the new API key.
- Review and update IP allowlists to restrict API access to trusted IPs only.
- Enable additional security features like MFA for dashboard access.
- Audit all recent changes made using the compromised key and revert any unauthorized changes.
- Consider implementing more granular permissions using scoped API tokens instead of master keys.