Skip to content

DataRobot API Key

Service Name: DataRobot

Service Description: DataRobot is an enterprise AI platform that automates the end-to-end process for building, deploying, and maintaining AI at scale. It enables organizations to prepare data, build and deploy machine learning models, and monitor model performance.

Service Address: https://www.datarobot.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through DataRobot's platform settings.

Secret Access Scope: Grants programmatic access to DataRobot's API, allowing users to create projects, upload datasets, build models, make predictions, and manage deployments.

Secret Revokement URL: https://app.datarobot.com/account/developer-tools

Secret Example: ZWY5YTJlMGUtYjM4ZC00YWNlLTk3ZDMtMmQzYmM5ZGE3YWIw

Suspicious Activity Investigation Instructions:

  • Review DataRobot audit logs for unusual API calls or resource access.
  • Check for unexpected model deployments or predictions made using the API.
  • Monitor for unusual data uploads or downloads through the API.
  • Look for API calls from unfamiliar IP addresses or outside normal business hours.
  • Verify if there are any unexpected changes to model settings or deployments.

Mitigation Instructions:

  • Log in to your DataRobot account and navigate to your user profile.

  • Go to "Developer Tools" or "API Keys" section.

  • Locate the compromised API key and click "Revoke" or "Delete".
  • Generate a new API key if needed.
  • Update all legitimate applications and services with the new API key.
  • Consider implementing IP restrictions for API access if not already in place.
  • Review and update access permissions for users who had access to the compromised key.