Skip to content

Frame.io API Token

Service Name: Frame.io

Service Description: Frame.io is a cloud-based video collaboration platform that allows teams to upload, review, and share video content. It provides tools for commenting, annotating, and approving video projects, streamlining the post-production workflow.

Service Address: https://frame.io/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but Frame.io Enterprise plans offer IP restriction capabilities at the account level.

Secret Access Scope: Grants programmatic access to Frame.io resources including projects, assets, comments, and account information. Depending on the user's permissions, the token can provide read/write access to all content within the account.

Secret Revokement URL: https://developer.frame.io/docs/authentication/personal-access-tokens#revoking-tokens

Secret Example: fio-u-Lt1Lkx4eXAMPLEfCm3XtokENabc123defg456hijk789lmno

Suspicious Activity Investigation Instructions:

  • Review the Frame.io audit logs for unusual activity or unauthorized access
  • Check for unexpected project shares or exports
  • Monitor for unusual comment activity or asset uploads/downloads
  • Verify if there are any unexpected team member additions
  • Look for API calls from unfamiliar IP addresses or locations

Mitigation Instructions:

  • Log in to your Frame.io account and navigate to Account Settings
  • Go to the Developer section and locate Personal Access Tokens
  • Find the compromised token and click "Revoke"
  • Generate a new token with appropriate scopes if needed
  • Review all projects for unauthorized changes or access
  • Consider enabling IP restrictions if you have an Enterprise plan
  • Update any applications or integrations to use the new token
  • Consider implementing shorter token expiration periods for future tokens