Riot Games API Key
Service Name: Riot Games API
Service Description: Riot Games API provides developers with access to game data from Riot Games titles such as League of Legends, Teamfight Tactics, Legends of Runeterra, and VALORANT. It allows developers to create applications, websites, and tools that integrate with Riot Games' data.
Service Address: https://developer.riotgames.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Riot Developer Portal. Each API key can be restricted to specific IP addresses.
Secret Access Scope: Grants access to various Riot Games APIs including game data, match history, summoner information, and other game-related endpoints. Access is limited by rate limits that vary based on the type of API key (development or production).
Secret Revokement URL: https://developer.riotgames.com/app-type
Secret Example: RGAPI-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Suspicious Activity Investigation Instructions:
-
Check the Riot Developer Portal for unusual API usage patterns or rate limit violations.
-
Review application logs for unauthorized API calls using your key.
-
Verify if the API key has been used from unexpected geographic locations or IP addresses.
-
Monitor for any applications or services using your API key that you did not authorize.
-
Check if there are any violations of Riot Games API Terms of Service associated with your key.
Mitigation Instructions:
-
Log in to the Riot Developer Portal at
https://developer.riotgames.com/. -
Navigate to your applications dashboard.
-
Locate the compromised API key.
-
Click on "Regenerate API Key" to invalidate the old key and generate a new one.
-
Update your application(s) with the new API key.
-
Consider implementing more restrictive IP address limitations for your API key.
-
Review and update your code to ensure the API key is not exposed in client-side code or public repositories.
-
Implement proper API key rotation practices to regularly change your keys.