Netlify API Token
Service Name: Netlify
Service Description: Netlify is a web development platform that offers hosting and serverless backend services for web applications and static websites. It provides continuous deployment from Git across a global application delivery network, serverless form handling, and serverless functions.
Service Address: https://www.netlify.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the team level for accessing the Netlify UI and API. Site-specific access controls are also available.
Secret Access Scope: Grants programmatic access to Netlify resources including sites, domains, DNS settings, forms, functions, and team management capabilities.
Secret Revokement URL: https://app.netlify.com/user/applications
Secret Example: ntl_1a2b3c4d5e6f7g8h9i0j
Suspicious Activity Investigation Instructions:
- Review the Netlify audit logs for unusual site deployments or configuration changes
- Check for unauthorized site creations or modifications
- Monitor for unexpected domain or DNS changes
- Look for unusual API calls or access patterns from unfamiliar IP addresses
- Verify if any unauthorized team members were added
Mitigation Instructions:
- Log in to your Netlify account at https://app.netlify.com/
-
Navigate to User Settings > Applications
-
Locate the compromised personal access token
- Click "Revoke" next to the token
- Generate a new token with appropriate scopes if needed
- Review and update any CI/CD pipelines or applications using the old token
- Consider implementing more granular scopes for new tokens
- Enable two-factor authentication for your Netlify account if not already enabled