Skip to content

Sisense API Key

Service Name: Sisense

Service Description: Sisense is a business intelligence (BI) and analytics platform that allows organizations to analyze, visualize, and share insights from complex data. It enables users to build interactive dashboards and reports from multiple data sources.

Service Address: https://www.sisense.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the Sisense server level through the Admin Console.

Secret Access Scope: Grants programmatic access to Sisense APIs, allowing users to manage dashboards, datasets, users, and perform data queries.

Secret Revokement URL: https://documentation.sisense.com/docs/managing-api-keys

Secret Example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoic2lzZW5zZV9hZG1pbiIsImFwaSI6InRydWUiLCJpYXQiOjE2MTIzNDU2Nzh9.EXAMPLE_KEY

Suspicious Activity Investigation Instructions:

  • Review Sisense audit logs for unusual API calls or data access patterns
  • Check for unauthorized dashboard or data model creation/modification
  • Monitor for unusual data export activities or high-volume queries
  • Verify if there are any new user accounts created or permission changes
  • Look for API calls from unfamiliar IP addresses or outside normal business hours

Mitigation Instructions:

  • Log in to your Sisense Admin Console
  • Navigate to the "REST API" section under Administration
  • Locate the compromised API key and click "Revoke"
  • Generate a new API key if needed
  • Update any legitimate applications using the old key with the new key
  • Consider implementing IP restrictions for API access
  • Review and adjust user permissions to enforce the Principle of Least Privilege.
  • Enable audit logging for all API activities if not already enabled
  • Consider implementing shorter expiration times for future API keys