Cosmic JS API Key
Service Name: Cosmic JS
Service Description: Cosmic JS is a headless content management system (CMS) and API-first platform that allows developers to build modern applications with any technology stack. It provides a cloud-based content management interface with powerful APIs for delivering content to websites, apps, and connected devices.
Service Address: https://www.cosmicjs.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Cosmic JS security settings
Secret Access Scope: Grants programmatic access to read and/or write content in a Cosmic JS bucket, depending on the key's permissions. Can access content types, objects, media, and other bucket resources.
Secret Revokement URL: https://www.cosmicjs.com/dashboard/account/api-access
Secret Example: mCXd72BTvgsPBotxMq2cGiVbkozEhGXOlSA45YZ1WTk3RDNPJz
Suspicious Activity Investigation Instructions:
- Review the Cosmic JS dashboard for unusual content changes or new objects
- Check API request logs for unexpected access patterns or high volume requests
- Monitor for unauthorized bucket access or permission changes
- Verify if content has been modified, deleted, or created without authorization
- Look for API calls from unusual geographic locations or IP addresses
Mitigation Instructions:
- Log in to your Cosmic JS account dashboard
- Navigate to Settings > API Access
- Locate the compromised API key
- Click "Revoke" to immediately invalidate the key
- Generate a new API key with appropriate permissions
- Update the API key in all legitimate applications
-
Consider implementing read-only keys for applications that don't need write access
-
Enable additional security features like two-factor authentication for your
Cosmic JS account
- Review and update bucket permissions to ensure proper access controls