Flotiq API Token
Service Name: Flotiq
Service Description: Flotiq is a headless Content Management System (CMS) that provides API-first content management capabilities. It allows developers to create, manage, and deliver content through RESTful APIs, making it suitable for websites, mobile apps, and other digital platforms.
Service Address: https://flotiq.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Flotiq's security settings.
Secret Access Scope: Grants programmatic access to content types, media, and other resources within a Flotiq workspace. The token can have read-only or read-write permissions depending on how it was configured.
Secret Revokement URL: https://flotiq.com/docs/API/
Secret Example: fp_api_key_12345abcdef67890ghijklmnopqrstuvwxyz1234
Suspicious Activity Investigation Instructions:
- Review API logs in the Flotiq dashboard for unusual access patterns or operations.
- Check for unexpected content modifications or deletions in your content types.
- Monitor for unusual API call volumes or requests from unexpected geographic locations.
- Examine the timestamps of API calls to identify potential unauthorized access during off-hours.
- Verify if there are any new content types or media files that were not created by authorized users.
Mitigation Instructions:
- Log in to your Flotiq account dashboard.
- Navigate to the API keys section in your account settings.
- Identify the compromised API key and delete it immediately.
- Create a new API key with appropriate permissions to replace the compromised one.
- Update all applications and services that were using the old API key with the new one.
- Consider implementing more restrictive permissions for API keys, limiting them to only the necessary content types and operations.
- Enable additional security features like IP restrictions if available in your Flotiq plan.
- Review your application code to ensure API keys are not exposed in client-side code or public repositories.