Skip to content

Kaltura API Key

Service Name: Kaltura

Service Description: Kaltura is an open-source video platform that provides video management, creation, and distribution capabilities. It offers solutions for video content management, live-streaming, video portals, and video analytics.

Service Address: https://www.kaltura.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Kaltura's access control profiles.

Secret Access Scope: Grants programmatic access to Kaltura's API endpoints, allowing management of video content, user permissions, analytics, and other platform features.

Secret Revokement URL: https://kmc.kaltura.com/index.php/kmcng/settings/integrationSettings

Secret Example: 1a2b3c4d5e6f7g8h9i0j_1234567890

Suspicious Activity Investigation Instructions:

  • Review Kaltura audit logs for unusual API calls or content access.
  • Check for unexpected video uploads, deletions, or modifications.
  • Monitor for unusual traffic patterns or access from unfamiliar locations.
  • Review user permission changes or new user creations.
  • Check for unexpected changes to content distribution settings.

Mitigation Instructions:

  • Log in to your Kaltura Management Console (KMC).
  • Navigate to the Settings > Integration Settings section.
  • Locate the compromised API key in the list.
  • Click on the "Revoke" or Delete button next to the key.
  • Generate a new API key if needed.
  • Update all legitimate applications to use the new API key.
  • Review and update access control profiles to restrict API access by IP if appropriate.
  • Consider implementing additional security measures such as API request rate limiting.