Skip to content

Cosmic JS API Key

Service Name: Cosmic JS

Service Description: Cosmic JS is a headless content management system (CMS) and API-first platform that allows developers to build modern applications with any technology stack. It provides a cloud-based content management interface with powerful APIs for delivering content to websites, apps, and connected devices.

Service Address: https://www.cosmicjs.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Cosmic JS security settings

Secret Access Scope: Grants programmatic access to read and/or write content in a Cosmic JS bucket, depending on the key's permissions. Can access content types, objects, media, and other bucket resources.

Secret Revokement URL: https://www.cosmicjs.com/dashboard/account/api-access

Secret Example: mCXd72BTvgsPBotxMq2cGiVbkozEhGXOlSA45YZ1WTk3RDNPJz

Suspicious Activity Investigation Instructions:

  • Review the Cosmic JS dashboard for unusual content changes or new objects
  • Check API request logs for unexpected access patterns or high volume requests
  • Monitor for unauthorized bucket access or permission changes
  • Verify if content has been modified, deleted, or created without authorization
  • Look for API calls from unusual geographic locations or IP addresses

Mitigation Instructions:

  • Log in to your Cosmic JS account dashboard
  • Navigate to Settings > API Access
  • Locate the compromised API key
  • Click "Revoke" to immediately invalidate the key
  • Generate a new API key with appropriate permissions
  • Update the API key in all legitimate applications
  • Consider implementing read-only keys for applications that don't need write access

  • Enable additional security features like two-factor authentication for your

Cosmic JS account

  • Review and update bucket permissions to ensure proper access controls