Skip to content

Cisco Meraki API Token

Service Name: Cisco Meraki

Service Description: Cisco Meraki is a cloud-managed IT solution that offers networking, security, and device management capabilities through a centralized dashboard. It provides products including wireless access points, switches, security appliances, and mobile device management.

Service Address: https://meraki.cisco.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through the Meraki Dashboard API access settings.

Secret Access Scope: Grants programmatic access to the Meraki Dashboard API, allowing management of networks, devices, clients, and configurations across an organization's Meraki infrastructure.

Secret Revokement URL: https://documentation.meraki.com/General_Administration/Other_Topics/Cisco_Meraki_Dashboard_API#API_Key_Management

Secret Example: 6bec40cf957de430a6f1f2baa056b99a4fac9ea0

Suspicious Activity Investigation Instructions:

  • Review the API request logs in the Meraki Dashboard under Organization > Configure > Logs > API Requests.
  • Check for unusual API calls, especially those modifying network configurations or security settings.
  • Verify if there are any unexpected changes to network configurations, device settings, or user permissions.
  • Monitor for API calls from unfamiliar IP addresses or outside normal business hours.

  • Review organization audit logs for suspicious administrative actions.

Mitigation Instructions:

  • Log in to the Meraki Dashboard as an administrator.
  • Navigate to Organization > Configure > Settings.
  • Scroll down to the "Dashboard API access" section.
  • Click "Revoke" next to the compromised API key.
  • Generate a new API key if needed, with appropriate permissions.
  • Consider implementing IP restrictions for API access.
  • Review and update organization administrator accounts and permissions.
  • Enable two-factor authentication for all administrator accounts.