DreamFactory API Key
Service Name: DreamFactory
Service Description: DreamFactory is an open-source REST API platform that provides a complete solution for building and managing APIs. It automatically generates RESTful APIs for various backend data sources including SQL databases, NoSQL databases, file systems, and external services.
Service Address: https://www.dreamfactory.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the application level through DreamFactory's role-based access controls and API limits.
Secret Access Scope: Grants access to DreamFactory services and resources based on the role assigned to the API key. Can provide access to databases, file storage, remote web services, and other backend systems connected to the DreamFactory instance.
Secret Revokement URL: https://guide.dreamfactory.com/docs/chapter03.html#managing-applications
Secret Example: 36fb8e87d1d482d4a5a81b94de566ce0b2c9c96f2268f32579ddd67f7fb3af0f
Suspicious Activity Investigation Instructions:
- Review DreamFactory logs for unusual API calls or access patterns
- Check for unexpected changes to API configurations or services
- Monitor for unusual data access or modifications to connected resources
- Examine API usage statistics for abnormal request volumes or patterns
- Review role assignments and permissions for the compromised API key
Mitigation Instructions:
- Log in to your DreamFactory admin console
- Navigate to the Apps tab in the admin sidebar
- Locate the application associated with the compromised API key
- Click on the application and select Delete to revoke the API key
- Create a new application with appropriate role assignments to generate a fresh API key
- Update any client applications or services to use the new API key
- Consider implementing additional security measures such as IP restrictions or rate limiting
- Review and adjust role permissions to ensure the Principle of Least Privilege