Skip to content

Forest Admin API Key

Service Name: Forest Admin

Service Description: Forest Admin is a remote admin panel for your application's database, providing a customizable interface to manage data, users, and operations without building an admin backend from scratch.

Service Address: https://www.forestadmin.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level in Forest Admin settings.

Secret Access Scope: Grants access to Forest Admin's API, allowing management of data, users, and operations within the admin panel.

Secret Revokement URL: https://docs.forestadmin.com/developer-guide/reference-guide/keys/api-key

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVmOWEyZTc3ZjQ3YWIwMDAyMzBkMDAwMCIsImtleSI6ImZvcmVzdGFkbWluX2V4YW1wbGVfa2V5IiwiaWF0IjoxNjAzOTgxOTQzfQ.EXAMPLE_SIGNATURE

Suspicious Activity Investigation Instructions:

  • Review Forest Admin logs for unusual access patterns or actions
  • Check for unauthorized schema modifications or data manipulations
  • Monitor for unexpected user permission changes
  • Verify if there are any new users or roles created without authorization
  • Examine API calls made with the compromised key

Mitigation Instructions:

  • Log in to your Forest Admin account
  • Navigate to the Project Settings
  • Go to the "Keys" section
  • Identify the compromised API key
  • Click "Revoke" to invalidate the key
  • Generate a new API key if needed
  • Update the key in all legitimate applications
  • Consider implementing IP restrictions for the new key
  • Review and update user permissions to ensure proper access controls