Skip to content

New Relic API Service Key

Service Name: New Relic

Service Description: New Relic is an observability platform that helps engineers plan, build, deploy, and run software. It provides application performance monitoring, infrastructure monitoring, digital experience monitoring, and applied intelligence capabilities.

Service Address: https://newrelic.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through New Relic's API Keys management interface.

Secret Access Scope: New Relic API Service Keys provide full access to the New Relic REST API, allowing users to query and modify data within their New Relic account, including metrics, events, logs, and configuration settings.

Secret Revokement URL: https://one.newrelic.com/admin-portal/api-keys

Secret Example: NRAK-3XXXXXXXXXXXXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review the New Relic audit log for unusual API calls or data access patterns
  • Check for unexpected changes to alert configurations, dashboards, or monitors
  • Look for unusual data queries or high volumes of API requests
  • Verify if there are any new integrations or webhooks that were recently added
  • Monitor for unauthorized access to sensitive application data

Mitigation Instructions:

  • Log in to your New Relic account and navigate to the API Keys management page

  • Identify the compromised API Service Key

  • Delete the compromised key immediately
  • Create a new API Service Key with appropriate permissions
  • Update any legitimate applications or services that were using the old key
  • Review and update your key rotation policies
  • Consider implementing more restrictive permissions for new keys
  • Enable notifications for API key usage and creation events