Skip to content

Kong Admin Token

Service Name: Kong API Gateway

Service Description: Kong is an open-source API gateway and microservices management layer that sits in front of your APIs, providing features like authentication, rate limiting, logging, and more to help manage API traffic.

Service Address: https://konghq.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Kong Admin API level through CORS settings and network-level controls.

Secret Access Scope: Grants full administrative access to the Kong Admin API, allowing configuration changes to API gateways, services, routes, plugins, and consumers.

Secret Revokement URL: Does not exist (tokens must be rotated or removed from Kong's configuration)

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrb25nX2FkbWluIiwibmFtZSI6I mFkbWluIiwiaWF0IjoxNTE2MjM5MDIyfQ.XYZ123abc456def789ghi

Suspicious Activity Investigation Instructions:

  • Review Kong Admin API logs for unauthorized or unusual configuration changes
  • Check for new services, routes, or plugins that were unexpectedly created
  • Monitor for changes to existing API configurations, especially authentication settings
  • Examine network traffic to the Kong Admin API for suspicious IP addresses or patterns
  • Verify if any consumers or credentials were created or modified without authorization

Mitigation Instructions:

  • Immediately rotate the Kong Admin token by generating a new one
  • Update the Kong configuration file to use the new token
  • Restart the Kong service to apply the changes
  • Review and revert any unauthorized changes made to your Kong configuration
  • Implement stricter access controls for the Kong Admin API, such as IP restrictions
  • Consider enabling RBAC (Role-Based Access Control) if using Kong Enterprise
  • Set up monitoring and alerting for Kong Admin API access and changes