Skip to content

Couchbase API Token

Service Name: Couchbase

Service Description: Couchbase is a distributed NoSQL cloud database that delivers unmatched versatility, performance, scalability, and financial value for modern applications. It provides a flexible JSON data model, real-time data processing, and enterprise-grade security.

Service Address: https://www.couchbase.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the cluster level through Couchbase's security settings.

Secret Access Scope: Grants programmatic access to Couchbase databases, clusters, and services. Depending on the token's permissions, it can allow read/write operations, administrative functions, and access to specific buckets.

Secret Revokement URL: https://docs.couchbase.com/server/current/rest-api/rest-token-management.html

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjb3VjaGJhc2UiLCJleHAiOjE2O Tg3NjU0MzB9.8dKoKbVSaIYLkrMXqrIXHiEfB7zQqg2jsXZE5EXAMPLE

Suspicious Activity Investigation Instructions:

  • Review Couchbase audit logs for unusual query patterns or data access
  • Check for unexpected spikes in database operations or traffic
  • Monitor for unauthorized access attempts from unfamiliar IP addresses
  • Examine user activity logs for operations outside normal business hours
  • Look for unusual data export operations or bulk retrievals

Mitigation Instructions:

  • Immediately revoke the compromised API token through the Couchbase Web

Console

  • Generate a new API token with appropriate permissions
  • Update all applications using the old token with the new credentials
  • Review and adjust token permissions to follow the principle of least privilege
  • Enable IP allowlisting for API access if not already configured
  • Consider implementing shorter token expiration periods
  • Update your secret management system to rotate tokens regularly
  • Review audit logs to assess the extent of any potential breach