Skip to content

Datadog API Key

Service Name: Datadog

Service Description: Datadog is a monitoring and analytics platform for cloud-scale applications. It provides full-stack observability by bringing together infrastructure metrics, application traces, logs, and user experience monitoring in one unified platform.

Service Address: https://www.datadoghq.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level in Datadog. You can restrict access to the Datadog API and web UI by IP address.

Secret Access Scope: Datadog API keys grant programmatic access to Datadog's API endpoints, allowing for monitoring, reporting, and configuration management of Datadog resources.

Secret Revokement URL: https://app.datadoghq.com/organization-settings/api-keys

Secret Example: d4t4d0g1234567890abcdef1234567890

Suspicious Activity Investigation Instructions:

  • Review the Datadog audit logs for unusual API calls or configuration changes.
  • Check for unexpected dashboards, monitors, or integrations created in your Datadog account.
  • Look for unusual data collection patterns or unexpected spikes in API usage.
  • Verify if the API key was used from unusual geographic locations or IP addresses.
  • Review the list of active API keys in your Datadog organization settings.

Mitigation Instructions:

  • Log in to your Datadog account and navigate to Organization Settings > API Keys.

  • Locate the compromised API key in the list.

  • Click on the "Disable" button next to the key to immediately revoke access.
  • Create a new API key with appropriate permissions to replace the compromised one.

  • Update all legitimate applications and services to use the new API key.

  • Consider implementing IP restrictions for your Datadog API keys.
  • Review and update your secret management practices to prevent future exposures.