Skip to content

Sanity API Token

Service Name: Sanity.io

Service Description: Sanity.io is a headless content management system (CMS) platform that provides a structured content infrastructure for digital experiences. It offers a real-time editing environment and APIs for delivering content to websites, apps, and other digital platforms.

Service Address: https://www.sanity.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the project level through CORS settings and API security configurations.

Secret Access Scope: Grants programmatic access to read, write, and manage content in a Sanity project. The specific permissions depend on the token type (read, write, or admin).

Secret Revokement URL: https://www.sanity.io/manage/projects

Secret Example: skQGJaXmPYOQsWEXmQLOIuODDsuIQ1JRZHlYFBMRw8j9Vn4RJpQZbN7iDgRMwXxx

Suspicious Activity Investigation Instructions:

  • Review the Sanity project's audit logs for unusual content modifications or API calls.
  • Check for unexpected content changes or deletions in your Sanity datasets.
  • Monitor for unusual API request patterns or access from unfamiliar locations.
  • Verify if there are any new users or tokens created without authorization.
  • Examine the token's usage history and access patterns through Sanity's management console.

Mitigation Instructions:

  • Log in to your Sanity management console at https://www.sanity.io/manage.
  • Navigate to your project settings.
  • Go to the "API" or "Tokens" section.
  • Locate the compromised token in the list.
  • Click on the "Revoke" or "Delete" button next to the token.
  • Create a new token with appropriate permissions if needed.
  • Update any applications or services using the old token with the new one.
  • Consider implementing more restrictive CORS settings to limit access to your Sanity project.
  • Review and update your token management practices to prevent future exposures.