Oracle API Gateway API Key
Service Name: Oracle Cloud Infrastructure API Gateway
Service Description: Oracle API Gateway is a fully managed service that enables you to publish APIs with private endpoints that are accessible from within your network, and public endpoints that are accessible from the internet. The service provides control over API execution by ensuring that only authorized users can access your APIs.
Service Address: https://www.oracle.com/cloud/api-management/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the API Gateway level through Oracle Cloud Infrastructure policies and network security groups.
Secret Access Scope: Grants access to specific APIs published through Oracle API Gateway with permissions defined by the associated policies.
Secret Revokement URL: https://docs.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewaycreatingkeys.htm
Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJvcmFjbGVfYXBpX2dhdGV3YXkiL CJpc3MiOiJvcmFjbGUiLCJpYXQiOjE2MTIzNDU2Nzh9.EXAMPLE_KEY_SIGNATURE
Suspicious Activity Investigation Instructions:
- Review API Gateway logs for unusual access patterns or unauthorized API calls
- Check for unexpected traffic spikes or calls from unusual geographic locations
- Monitor for attempts to access restricted endpoints or resources
- Review Oracle Cloud Infrastructure audit logs for changes to API Gateway configurations
- Check for unauthorized modifications to API policies or deployments
Mitigation Instructions:
- Immediately revoke the compromised API key through the Oracle Cloud Console
- Navigate to API Gateway service in the Oracle Cloud Console
- Select the relevant API Gateway and go to the "API Keys" section
- Locate the compromised key and select "Delete" or "Revoke"
- Generate a new API key with appropriate permissions
- Update any legitimate applications to use the new API key
- Consider implementing additional security measures such as rate limiting and request validation
- Review and update API Gateway policies to restrict access as needed
- Enable more detailed logging for future monitoring