Skip to content

Fastly API Key

Service Name: Fastly

Service Description: Fastly is a cloud computing services provider that offers content delivery network (CDN), edge computing, security, and streaming media services. It helps businesses deliver fast, secure, and scalable online experiences.

Service Address: https://www.fastly.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the service level through Fastly's ACL (Access Control Lists) feature.

Secret Access Scope: Grants programmatic access to Fastly's API, allowing management of CDN configurations, purging content, viewing analytics, and administering account settings.

Secret Revokement URL: https://docs.fastly.com/en/guides/using-api-tokens#deleting-an-api-token

Secret Example: d3v7355a9091976c4c58a7e42b88c53c

Suspicious Activity Investigation Instructions:

  • Review Fastly logs for unusual API calls or configuration changes.
  • Check for unexpected service configurations or domain additions.
  • Monitor for unauthorized purge requests or edge dictionary modifications.
  • Examine account audit logs for suspicious user activity.
  • Verify if there are unexpected changes to VCL (Varnish Configuration Language) files.

Mitigation Instructions:

  • Log in to your Fastly account and navigate to the "Account" section.
  • Select API tokens from the Personal API tokens menu.
  • Locate the compromised token in the list.
  • Click the trash can icon next to the token to delete it.
  • Create a new API token with appropriate scopes if needed.
  • Update any applications or services that were using the old token.
  • Review and update your token management practices to prevent future exposures.
  • Consider implementing token rotation policies for enhanced security.