Skip to content

Back4App API Key

Service Name: Back4App

Service Description: Back4App is a Backend as a Service (BaaS) platform that provides a serverless backend for mobile and web applications. It's built on top of Parse Server, offering features like database storage, user authentication, push notifications, and cloud functions.

Service Address: https://www.back4app.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the application level through the Back4App dashboard security settings.

Secret Access Scope: Grants programmatic access to Back4App applications, allowing operations on databases, files, users, and other resources within the specific application.

Secret Revokement URL: https://www.back4app.com/docs/get-started/app-settings

Secret Example: abcdef123456789abcdef123456789abcdef12

Suspicious Activity Investigation Instructions:

  • Review the application logs in the Back4App dashboard for unusual API calls or data access patterns.
  • Check for unexpected database operations or modifications.
  • Monitor for unauthorized user creation or authentication attempts.
  • Examine cloud function execution logs for suspicious activities.
  • Review network traffic to identify unusual access patterns or locations.

Mitigation Instructions:

  • Log in to your Back4App dashboard at https://dashboard.back4app.com/.
  • Navigate to your application settings.
  • Go to the "Security & Keys" section.
  • Generate a new Client Key and REST API Key.
  • Update your application code with the new keys.
  • Delete or revoke the compromised API key.
  • Consider implementing additional security measures such as IP restrictions.
  • Review and update your application's class-level permissions to ensure proper access controls.