StackPath API Key
Service Name: StackPath
Service Description: StackPath is a platform of secure edge services that enables developers to protect, accelerate, and innovate cloud properties ranging from websites to media delivery and IoT services. It provides CDN, WAF, DNS, and edge computing services.
Service Address: https://www.stackpath.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the StackPath control panel.
Secret Access Scope: Grants programmatic access to StackPath's API, allowing management of CDN configurations, security settings, edge computing instances, and other StackPath services.
Secret Revokement URL: https://control.stackpath.com/account/api-management/
Secret Example: sk_live_1a2b3c4d5e6f7g8h9i0j
Suspicious Activity Investigation Instructions:
- Review API logs in the StackPath control panel for unusual activity or unauthorized access.
- Check for unexpected changes to CDN configurations, edge computing instances, or security settings.
- Monitor for unusual traffic patterns or resource usage that could indicate compromise.
- Verify if there are any unauthorized sites or services added to your account.
- Review billing information for unexpected charges that might indicate unauthorized usage.
Mitigation Instructions:
- Log in to the StackPath control panel at https://control.stackpath.com/
- Navigate to Account > API Management
- Locate the compromised API key and click "Revoke"
- Generate a new API key if needed
- Update any legitimate applications or services to use the new API key
- Review and update IP restrictions for API access if available
- Enable two-factor authentication for your StackPath account if not already enabled
- Review all account permissions and user access to ensure proper security controls