Skip to content

PagerDuty Authorization Token

Service Name: PagerDuty

Service Description: PagerDuty is an incident management platform that provides reliable notifications, automatic escalations, on-call scheduling, and other functionality to help teams detect and fix infrastructure problems quickly.

Service Address: https://www.pagerduty.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through PagerDuty's IP Access Control feature.

Secret Access Scope: Grants programmatic access to PagerDuty's API, allowing management of incidents, services, schedules, and users based on the permissions of the associated user account.

Secret Revokement URL: https://support.pagerduty.com/docs/generating-api-keys#revoking-api-keys

Secret Example: y_NbAkKc66ryYTWUXYEu

Suspicious Activity Investigation Instructions:

  • Review the PagerDuty audit logs for unusual API calls or activity
  • Check for unauthorized incident creation, modification, or resolution
  • Monitor for changes to escalation policies, schedules, or user permissions
  • Look for API access from unusual IP addresses or locations
  • Verify if there are any new integrations or services added without authorization

Mitigation Instructions:

  • Log in to your PagerDuty account as an administrator
  • Navigate to Configuration → API Access

  • Locate the compromised API key

  • Click the "Revoke" button next to the key
  • Generate a new API key if needed
  • Update all legitimate applications and integrations with the new key
  • Consider implementing IP restrictions for API access through PagerDuty's IP

Access Control feature

  • Review user permissions to ensure they follow the principle of least privilege