Skip to content

GitBook API Key

Service Name: GitBook

Service Description: GitBook is a modern documentation platform where teams can document everything from products to internal knowledge bases and APIs.

Service Address: https://www.gitbook.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to GitBook API, allowing management of spaces, content, and user information.

Secret Revokement URL: Does not exist

Secret Example: gb_api_1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t

Suspicious Activity Investigation Instructions:

  • Check GitBook audit logs for unauthorized access or content modifications
  • Review API usage patterns for unusual activities or high volume requests
  • Verify if any unauthorized spaces or content have been created or modified
  • Check for any changes to user permissions or team memberships

Mitigation Instructions:

  • Immediately revoke the compromised API key from your GitBook account settings
  • Generate a new API key with appropriate permissions
  • Update all applications or services using the old key with the new one
  • Review and adjust API key permissions to follow the principle of least privilege
  • Enable notifications for API key usage if available