FullStory API Key
Service Name: FullStory
Service Description: FullStory is a digital experience analytics platform that helps businesses understand, measure, and improve the digital experience they provide to their users. It offers session replay, heatmaps, conversion funnels, and user behavior analytics.
Service Address: https://www.fullstory.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants programmatic access to FullStory's API, allowing retrieval of session data, user information, and analytics. Can be used to manage recordings, export data, and integrate with other systems.
Secret Revokement URL: https://help.fullstory.com/hc/en-us/articles/360020624854-Managing-API-Keys
Secret Example: fs_org_1234567890abcdef1234567890abcdef_1234567890abcdef1234567890abcdef
Suspicious Activity Investigation Instructions:
- Check the FullStory audit logs for unusual API access patterns or data exports
- Review the IP addresses that have been using the API key
- Monitor for unexpected data exports or bulk downloads
- Check for unauthorized integrations with third-party services
- Verify if the API key has been used from unusual geographic locations
Mitigation Instructions:
-
Log in to your FullStory account as an administrator
-
Navigate to Settings > Security > API Keys
- Locate the compromised API key
- Click "Revoke" to immediately invalidate the key
- Create a new API key if needed for legitimate services
- Update any authorized applications or services with the new key
- Review and update access controls for your FullStory account
- Consider implementing IP restrictions at the application level if possible
- Verify the validity of the API key by making a request to
https://developer.fullstory.com/server/v1/authentication/me/