Skip to content

PagerDuty API Key

Service Name: PagerDuty

Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.

Service Address: https://www.pagerduty.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through PagerDuty's IP Access Control feature.

Secret Access Scope: Grants programmatic access to PagerDuty resources including incidents, services, schedules, and users based on the API key's permissions.

Secret Revokement URL: https://support.pagerduty.com/docs/api-access-keys#revoke-an-api-key

Secret Example: y_NbAkKc66ryYTWUXYEu

Suspicious Activity Investigation Instructions:

  • Review PagerDuty audit logs for unusual API calls or resource access.
  • Check for unauthorized incident creation, resolution, or modification.
  • Monitor for changes to escalation policies, schedules, or user permissions.
  • Look for API requests from unusual IP addresses or locations.
  • Verify if there are any new integrations or webhooks that were recently added.

Mitigation Instructions:

  • Log in to your PagerDuty account as an administrator.
  • Navigate to Configuration > API Access.
  • Locate the compromised API key in the list.
  • Click the Revoke button next to the key.
  • Create a new API key with appropriate permissions if needed.
  • Update any legitimate applications or integrations with the new API key.
  • Consider implementing IP restrictions for API access through PagerDuty's IP Access Control feature.
  • Review and update user permissions to enforce the Principle of Least Privilege.