Rainforest QA API Key
Service Name: Rainforest QA
Service Description: Rainforest QA is a no-code test automation platform that allows teams to quickly create and execute tests for web and mobile applications. It combines automated testing with human testers to provide comprehensive quality assurance solutions.
Service Address: https://www.rainforestqa.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through the Rainforest QA dashboard.
Secret Access Scope: Grants programmatic access to Rainforest QA's API, allowing users to create, manage, and run tests, retrieve test results, and manage resources within the Rainforest QA platform.
Secret Revokement URL: https://app.rainforestqa.com/settings/integrations
Secret Example: rf_api_key_123456789abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
- Review the Rainforest QA dashboard for unusual test runs or newly created tests.
- Check API logs for unexpected API calls or access patterns.
- Monitor for unauthorized test executions or modifications to existing test suites.
- Examine the history of test runs to identify any tests executed outside of normal business hours.
- Review user activity logs to identify potential unauthorized access.
Mitigation Instructions:
- Log in to your Rainforest QA account at https://app.rainforestqa.com/.
- Navigate to Settings > Integrations.
- Locate the compromised API key and click "Revoke" or "Delete".
- Generate a new API key if needed.
- Update any legitimate applications or services that were using the old API key.
- Review and update access permissions for users who have access to API keys.
- Consider implementing IP restrictions for API access if available.
- Enable notifications for key security events if supported by Rainforest QA.