Skip to content

Prismic Access Token

Service Name: Prismic

Service Description: Prismic is a headless Content Management System (CMS) that provides a content infrastructure for websites and applications. It allows developers to build websites and apps with a structured content approach, while enabling content teams to manage content through a user-friendly interface.

Service Address: https://prismic.io/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to Prismic repositories and content. Access tokens can have different permission levels including read-only or write access to specific repositories.

Secret Revokement URL: https://prismic.io/dashboard/settings/api/

Secret Example: MC5ZbGJNV1JFQUFDZ0FLYmhf.77-977-977-9Iu-_ve-_ve- _vVzvv73vv73vv73vv70g77-977-977-9NO-_ve-_vRbvv70

Suspicious Activity Investigation Instructions:

  • Review Prismic dashboard for unusual content changes or repository access
  • Check API request logs for unexpected or unauthorized access patterns
  • Monitor for content modifications or publishing activities that weren't authorized
  • Review repository settings for any unauthorized changes to webhooks or integrations
  • Check for unexpected user invitations or permission changes

Mitigation Instructions:

  • Log in to your Prismic dashboard at https://prismic.io/dashboard

  • Navigate to Settings > API & Security

  • Locate the compromised access token in the list
  • Click the "Revoke" button next to the token
  • Generate a new token with appropriate permissions if needed
  • Update the token in all legitimate applications that require access
  • Review and update security settings for your Prismic repository
  • Consider implementing webhook notifications for content changes to monitor

activity