Skip to content

ButterCMS API Token

Service Name: ButterCMS

Service Description: ButterCMS is a headless content management system (CMS) and blog engine that allows developers to build CMS-powered websites and applications using any programming language. It provides an API-first approach to content management.

Service Address: https://buttercms.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through the ButterCMS dashboard.

Secret Access Scope: Grants full read and write access to content in your ButterCMS account, including blog posts, pages, and collections.

Secret Revokement URL: https://buttercms.com/settings/

Secret Example: sk_prod_01a2b3c4d5e6f7g8h9i0j

Suspicious Activity Investigation Instructions:

  • Review the API request logs in your ButterCMS dashboard for unusual activity.
  • Check for unexpected content changes or new content creation.
  • Monitor for API calls from unfamiliar IP addresses or locations.
  • Review webhooks configuration for any unauthorized changes.
  • Check for unusual spikes in API usage that could indicate abuse.

Mitigation Instructions:

  • Log in to your ButterCMS dashboard.
  • Navigate to Settings > API Keys.
  • Revoke the compromised API token by clicking Regenerate API Key.
  • Create a new API token to replace the compromised one.
  • Update all legitimate applications with the new API token.
  • Consider implementing IP restrictions for API access if available.
  • Review and update access permissions for team members who might have access to the token.
  • Ensure API tokens are stored securely and not exposed in client-side code.