Skip to content

Split.io API Key

Service Name: Split.io

Service Description: Split.io is a feature flag and experimentation platform that helps development teams release features safely and measure impact. It enables controlled feature rollouts, A/B testing, and feature experimentation.

Service Address: https://www.split.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Split.io's security settings.

Secret Access Scope: Grants programmatic access to Split.io's API, allowing management of feature flags, segments, environments, and metrics collection.

Secret Revokement URL: https://help.split.io/hc/en-us/articles/360019916211-API-keys

Secret Example: sdk-abcdef1234567890abcdef1234567890

Suspicious Activity Investigation Instructions:

  • Review Split.io audit logs for unusual API calls or configuration changes
  • Check for unexpected feature flag changes or environment modifications
  • Monitor for unauthorized access to sensitive feature flags
  • Review traffic patterns and API usage for anomalies
  • Check for unusual split definitions or targeting rules changes

Mitigation Instructions:

  • Log in to your Split.io admin console
  • Navigate to the Admin Settings section
  • Select the API Keys tab

  • Locate the compromised API key

  • Click the Delete or Revoke button next to the key
  • Generate a new API key with appropriate permissions
  • Update all legitimate applications and services with the new API key
  • Review and update IP restrictions if available
  • Consider implementing more granular permissions for API keys
  • Review recent changes made using the compromised key and revert if

necessary