Skip to content

JW Player API Key

Service Name: JW Player

Service Description: JW Player is a digital and mobile video platform that provides video hosting, streaming, and player technology for websites and applications. It offers solutions for video hosting, delivery, and monetization.

Service Address: https://www.jwplayer.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through JW Player dashboard settings.

Secret Access Scope: Grants access to JW Player API endpoints for managing video content, players, analytics, and other platform features.

Secret Revokement URL: https://dashboard.jwplayer.com/#/account/api-credentials

Secret Example: abcDEF123ghiJKL456mnoP

Suspicious Activity Investigation Instructions:

  • Review JW Player dashboard for unusual activity or content changes.
  • Check API usage logs for unauthorized access or unusual patterns.
  • Monitor for unexpected video uploads, deletions, or configuration changes.
  • Review analytics for unusual traffic patterns or geographic anomalies.
  • Check for unauthorized player embeds on external websites.

Mitigation Instructions:

  • Log in to your JW Player dashboard at https://dashboard.jwplayer.com/
  • Navigate to Account > API Credentials
  • Revoke the compromised API key by clicking Delete next to it
  • Generate a new API key if needed
  • Update all legitimate applications and services with the new API key
  • Review and update API access permissions to enforce the Principle of Least Privilege.
  • Consider implementing IP restrictions for API access if available
  • Enable notifications for significant account changes or unusual activity