Frame.io API Token
Service Name: Frame.io
Service Description: Frame.io is a cloud-based video collaboration platform that allows teams to upload, review, and share video content. It provides tools for commenting, annotating, and approving video projects, streamlining the post-production workflow.
Service Address: https://frame.io/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but Frame.io Enterprise plans offer IP restriction capabilities at the account level.
Secret Access Scope: Grants programmatic access to Frame.io resources including projects, assets, comments, and account information. Depending on the user's permissions, the token can provide read/write access to all content within the account.
Secret Revokement URL: https://developer.frame.io/docs/authentication/personal-access-tokens#revoking-tokens
Secret Example: fio-u-Lt1Lkx4eXAMPLEfCm3XtokENabc123defg456hijk789lmno
Suspicious Activity Investigation Instructions:
- Review the Frame.io audit logs for unusual activity or unauthorized access
- Check for unexpected project shares or exports
- Monitor for unusual comment activity or asset uploads/downloads
- Verify if there are any unexpected team member additions
- Look for API calls from unfamiliar IP addresses or locations
Mitigation Instructions:
- Log in to your Frame.io account and navigate to Account Settings
- Go to the Developer section and locate Personal Access Tokens
- Find the compromised token and click "Revoke"
- Generate a new token with appropriate scopes if needed
- Review all projects for unauthorized changes or access
- Consider enabling IP restrictions if you have an Enterprise plan
- Update any applications or integrations to use the new token
- Consider implementing shorter token expiration periods for future tokens