Skip to content

SSLMate API Key

Service Name: SSLMate

Service Description: SSLMate is a service that allows businesses to purchase, manage, and automate SSL/TLS certificates. It provides tools for certificate management, monitoring, and automation through its API.

Service Address: https://sslmate.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the SSLMate account settings

Secret Access Scope: Grants programmatic access to SSLMate API for certificate management, including purchasing, renewing, and revoking SSL certificates.

Secret Revokement URL: https://sslmate.com/account/api_credentials

Secret Example: sm_api_ZXhhbXBsZWtleWZvcnNzbG1hdGVhcGlrZXk

Suspicious Activity Investigation Instructions:

  • Review SSLMate account logs for unusual certificate issuance or management activities
  • Check for unauthorized certificate purchases or renewals
  • Monitor for unexpected certificate revocations
  • Verify if there are any certificates issued for domains not owned by your organization
  • Review API access logs for unusual patterns or access from unexpected locations

Mitigation Instructions:

  • Log in to your SSLMate account at https://sslmate.com/account
  • Navigate to API Credentials section

  • Revoke the compromised API key by clicking the "Revoke" button next to it

  • Generate a new API key if needed
  • Update all applications and services using the old API key with the new one
  • Consider implementing IP restrictions for API access if not already in place
  • Review and update access controls for who can view and use API credentials
  • Enable notifications for certificate issuance and other important events