Skip to content

Segment API Secret Key

Service Name: Segment

Service Description: Segment is a customer data platform (CDP) that helps businesses collect, clean, and control their customer data. It enables companies to send data to analytics tools, marketing platforms, and data warehouses.

Service Address: https://segment.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the workspace level through Segment's access management settings.

Secret Access Scope: Grants programmatic access to Segment's API, allowing data ingestion, source and destination configuration, and workspace management.

Secret Revokement URL: https://app.segment.com/workspaces/[workspace-id]/settings/access-management/

Secret Example: 7XxuEMcnQLmzR4Ky9JHgDpvqIQOY6XLa

Suspicious Activity Investigation Instructions:

  • Review Segment audit logs for unusual API calls or configuration changes.
  • Check for unexpected sources or destinations being added to your workspace.
  • Monitor for unusual data volumes or patterns being sent through Segment.
  • Verify if there are any unauthorized workspace members or API keys created.
  • Examine tracking plans for unauthorized modifications.

Mitigation Instructions:

  • Log in to your Segment workspace at app.segment.com.
  • Navigate to Settings > Access Management.
  • Locate the compromised API key in the list.
  • Click the Revoke button next to the key.
  • Create a new API key with appropriate permissions if needed.
  • Update any legitimate applications or services that were using the revoked key.
  • Review and update IP restrictions for your workspace if applicable.
  • Enable two-factor authentication for all workspace members.