Skip to content

Eleventy API Token

Service Name: Eleventy

Service Description: Eleventy (11ty) is a simpler static site generator that transforms a directory of templates into HTML. It's a JavaScript alternative to Jekyll, built on Node.js, and emphasizes simplicity and performance.

Service Address: https://www.11ty.dev/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to Eleventy-related services, potentially including deployment capabilities, content management, or API integrations.

Secret Revokement URL: Does not exist

Secret Example: 11ty_api_tkn_a1b2c3d4e5f6g7h8i9j0

Suspicious Activity Investigation Instructions:

  • Review deployment logs for unauthorized site deployments or changes
  • Check access logs for unusual IP addresses or locations accessing the API
  • Monitor for unexpected content changes or site modifications
  • Review build history for unauthorized builds or deployments
  • Check for unusual traffic patterns or API usage spikes

Mitigation Instructions:

  • Rotate the API token immediately by generating a new token
  • Revoke the compromised token through your Eleventy account settings
  • Update the token in all legitimate deployment configurations
  • Review and update access permissions for your Eleventy projects

  • Implement additional security measures such as IP restrictions if available

through your hosting provider

  • Review your codebase for any hardcoded tokens and remove them
  • Consider implementing environment variables for token storage in deployment

environments