JW Player API Key
Service Name: JW Player
Service Description: JW Player is a digital and mobile video platform that provides video hosting, streaming, and player technology for websites and applications. It offers solutions for video hosting, delivery, and monetization.
Service Address: https://www.jwplayer.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through JW Player dashboard settings.
Secret Access Scope: Grants access to JW Player API endpoints for managing video content, players, analytics, and other platform features.
Secret Revokement URL: https://dashboard.jwplayer.com/#/account/api-credentials
Secret Example: abcDEF123ghiJKL456mnoP
Suspicious Activity Investigation Instructions:
- Review JW Player dashboard for unusual activity or content changes.
- Check API usage logs for unauthorized access or unusual patterns.
- Monitor for unexpected video uploads, deletions, or configuration changes.
- Review analytics for unusual traffic patterns or geographic anomalies.
- Check for unauthorized player embeds on external websites.
Mitigation Instructions:
- Log in to your JW Player dashboard at https://dashboard.jwplayer.com/
- Navigate to Account > API Credentials
- Revoke the compromised API key by clicking Delete next to it
- Generate a new API key if needed
- Update all legitimate applications and services with the new API key
- Review and update API access permissions to enforce the Principle of Least Privilege.
- Consider implementing IP restrictions for API access if available
- Enable notifications for significant account changes or unusual activity