Skip to content

OpsGenie API Key

Service Name: OpsGenie

Service Description: OpsGenie is an incident management and alerting platform that helps DevOps and IT operations teams manage critical incidents, notify the right people, and streamline on-call schedules and escalations.

Service Address: https://www.atlassian.com/software/opsgenie

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through OpsGenie's IP filtering feature.

Secret Access Scope: Grants programmatic access to OpsGenie's API, allowing management of alerts, incidents, on-call schedules, and integrations.

Secret Revokement URL: https://support.atlassian.com/opsgenie/docs/manage-api-keys/

Secret Example: 123e4567-e89b-12d3-a456-426614174000

Suspicious Activity Investigation Instructions:

  • Review OpsGenie audit logs for unusual API calls or activities
  • Check for unauthorized alert creations, modifications, or deletions
  • Monitor for changes to on-call schedules or escalation policies
  • Look for new or modified integrations
  • Verify if there are any unexpected team or user permission changes

Mitigation Instructions:

  • Log in to your OpsGenie account as an admin
  • Navigate to Settings > API Key Management
  • Locate the compromised API key

  • Click "Delete" to revoke the key immediately

  • Create a new API key with appropriate permissions if needed
  • Update all legitimate applications and services with the new API key
  • Review and update IP filtering settings to restrict API access to trusted IP

addresses

  • Consider implementing role-based access control to limit API key permissions