Skip to content

Netlify API Token

Service Name: Netlify

Service Description: Netlify is a web development platform that offers hosting and serverless backend services for web applications and static websites. It provides continuous deployment from Git across a global application delivery network, serverless form handling, and serverless functions.

Service Address: https://www.netlify.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the team level for accessing the Netlify UI and API. Site-specific access controls are also available.

Secret Access Scope: Grants programmatic access to Netlify resources including sites, domains, DNS settings, forms, functions, and team management capabilities.

Secret Revokement URL: https://app.netlify.com/user/applications

Secret Example: ntl_1a2b3c4d5e6f7g8h9i0j

Suspicious Activity Investigation Instructions:

  • Review the Netlify audit logs for unusual site deployments or configuration changes
  • Check for unauthorized site creations or modifications
  • Monitor for unexpected domain or DNS changes
  • Look for unusual API calls or access patterns from unfamiliar IP addresses
  • Verify if any unauthorized team members were added

Mitigation Instructions:

  • Log in to your Netlify account at https://app.netlify.com/
  • Navigate to User Settings > Applications

  • Locate the compromised personal access token

  • Click "Revoke" next to the token
  • Generate a new token with appropriate scopes if needed
  • Review and update any CI/CD pipelines or applications using the old token
  • Consider implementing more granular scopes for new tokens
  • Enable two-factor authentication for your Netlify account if not already enabled