Ghost Content API Key
Service Name: Ghost
Service Description: Ghost is an open-source, professional publishing platform designed for creating blogs, magazines, and news sites. It offers a headless CMS with a modern admin interface and a powerful API for content management.
Service Address: https://ghost.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the Ghost admin level through custom integrations settings.
Secret Access Scope: Content API keys grant read-only access to published content, authors, tags, and settings. They allow external applications to fetch and display content from a Ghost site.
Secret Revokement URL: https://ghost.org/docs/admin-api/#authentication (Access can be revoked through the Ghost Admin panel under Settings > Integrations)
Secret Example: 7f62b0e4f86be02a1d2a3eb14f0c7ea5fd4c2e6b3cee9ace4536c04b1d41
Suspicious Activity Investigation Instructions:
- Review Ghost admin logs for unusual API access patterns or high request volumes
- Check for unauthorized content access or scraping activities
- Monitor for unusual geographic access locations
- Verify if the API key is being used by applications not authorized by your organization
- Review the Ghost site's traffic analytics for unusual spikes or patterns
Mitigation Instructions:
- Log in to your Ghost Admin panel
- Navigate to Settings > Integrations
- Locate the integration containing the compromised Content API key
- Click "Regenerate" to create a new API key, which invalidates the old one
- Update all legitimate applications with the new API key
- Consider implementing additional security measures like rate limiting
- Review and update your API key management policies
- Consider implementing a custom integration with more limited permissions if needed