Skip to content

BrowserStack Access Key

Service Name: BrowserStack

Service Description: BrowserStack is a cloud web and mobile testing platform that enables developers to test their websites and mobile applications across various browsers, operating systems, and real mobile devices, without requiring users to install virtual machines, devices, or emulators.

Service Address: https://www.browserstack.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level for enterprise plans.

Secret Access Scope: Grants programmatic access to BrowserStack's automated testing services, including Automate, App Automate, Percy, and other BrowserStack APIs.

Secret Revokement URL: https://www.browserstack.com/accounts/settings

Secret Example: 9a45df10c93f49e7977361703aa7c3801

Suspicious Activity Investigation Instructions:

  • Review BrowserStack dashboard for unauthorized test sessions or unusual activity.
  • Check access logs in your BrowserStack account for unexpected IP addresses or locations.
  • Monitor for unusual testing patterns or excessive resource usage.
  • Review integration points where the access key might be used (CI/CD pipelines, testing frameworks).

Mitigation Instructions:

  • Sign in to your BrowserStack account at BrowserStack account settings.
  • Go to Access Keys.
  • Select Reset next to the compromised access key.
  • Generate a new access key to replace the compromised one.
  • Update the access key in all legitimate applications, CI/CD pipelines, and testing frameworks.
  • Consider implementing IP restrictions if you're on an enterprise plan.
  • Review and update your secret management practices to prevent future exposures.