Ghost Admin API Key
Service Name: Ghost
Service Description: Ghost is an open-source, professional publishing platform designed for creating blogs, newsletters, and digital publications. It offers a modern, minimalist interface with powerful features for content creators and publishers.
Service Address: https://ghost.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Ghost Admin level through configuration settings.
Secret Access Scope: Grants full administrative access to a Ghost site, including content management, user administration, theme customization, and site settings.
Secret Revokement URL: https://ghost.org/docs/admin-api/#authentication (Admin UI → Settings → Integrations → Custom Integrations)
Secret Example: 60f4e66daf1cd9c7c1c3d7d065:d2301dc289d33c47a4440a0953e86c3070c981b87e9a541 ac88c55894d3d090a
Suspicious Activity Investigation Instructions:
- Review Ghost admin logs for unauthorized access or suspicious activities
- Check for unexpected content changes, user additions, or theme modifications
- Monitor for unusual API requests in your server logs
- Verify if any unauthorized integrations have been added
- Check for unexpected changes to site settings or configurations
Mitigation Instructions:
- Log in to your Ghost Admin panel
- Navigate to Settings → Integrations → Custom Integrations
- Delete the compromised integration or API key
- Create a new integration with a fresh API key
- Update any legitimate applications using the old key
- Consider implementing IP restrictions for admin access
- Review and update user permissions to ensure proper access controls
- Enable two-factor authentication for all admin accounts if available