Skip to content

F5 API Token

Service Name: F5 Networks

Service Description: F5 Networks provides application delivery and security solutions for the delivery of apps, data, and services. Their products include load balancers, application security, and access management solutions.

Service Address: https://www.f5.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the F5 BIG-IP management interface level through access policies.

Secret Access Scope: F5 API tokens grant programmatic access to F5 BIG-IP systems, allowing management of load balancing, security policies, and network configurations.

Secret Revokement URL: https://support.f5.com/csp/article/K41763344

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwic291cmNlI joibG9jYWwiLCJ0b2tlbkV4cGlyYXRpb24iOjE1ODcwMDU2MDB9.xxxxxxxxxxxxxxxxxxxxxxx xxxx

Suspicious Activity Investigation Instructions:

  • Review F5 BIG-IP audit logs for unusual API calls or configuration changes
  • Check for unauthorized access attempts or unusual login patterns
  • Monitor for unexpected changes to load balancing rules, security policies, or network configurations
  • Verify if there are any unauthorized virtual servers or pools created
  • Check for unusual traffic patterns or security events in the F5 logs

Mitigation Instructions:

  • Log into the F5 BIG-IP management interface
  • Navigate to System > Users > Token Administration
  • Locate the compromised token and click "Delete"
  • Generate a new token if needed
  • Review and update access policies to restrict API access by IP address
  • Consider implementing shorter token expiration times
  • Enable multi-factor authentication for administrative access
  • Review and update user permissions to enforce principle of least privilege
  • Update any applications or scripts using the revoked token with the new

credentials