Redocly API Key
Service Name: Redocly
Service Description: Redocly is a platform that provides tools for API documentation, design, and governance. It helps organizations build, manage, and publish API documentation with features like OpenAPI validation, documentation portals, and collaborative workflows.
Service Address: https://redocly.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Redocly's security settings.
Secret Access Scope: Grants programmatic access to Redocly's API services, allowing users to manage API documentation, validate OpenAPI specifications, and interact with Redocly's platform services.
Secret Revokement URL: https://redocly.com/docs/api-reference/organization-api-keys/
Secret Example: redocly_api_key_123456789abcdefghijklmnopqrstuvwxyz
Suspicious Activity Investigation Instructions:
-
Review Redocly account activity logs for unusual API calls or documentation changes
-
Check for unauthorized modifications to API documentation or specifications
-
Monitor for unexpected API key usage patterns or access from unusual locations
-
Verify if there have been any new API portals created or existing ones modified without authorization
-
Review organization member activities to identify potential unauthorized access
Mitigation Instructions:
-
Log in to your Redocly account and navigate to the organization settings
-
Go to the API Keys section in your organization dashboard
-
Identify the compromised API key and click on the delete/revoke button
-
Generate a new API key if needed for legitimate services
-
Update the API key in all authorized applications and services
-
Consider implementing IP restrictions for the new API key
-
Review and update access permissions for organization members
-
Enable additional security features like two-factor authentication if available