Skip to content

Stoplight API Token

Service Name: Stoplight

Service Description: Stoplight is an API design, documentation, and governance platform that helps teams build better APIs. It provides tools for designing, documenting, testing, and governing APIs throughout their lifecycle.

Service Address: https://stoplight.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level in Stoplight's security settings.

Secret Access Scope: Grants programmatic access to Stoplight's API, allowing users to manage API designs, documentation, and other resources within their Stoplight workspace.

Secret Revokement URL: https://stoplight.io/settings/tokens

Secret Example: sl.o2abcd3.56defghi7jklmno8pqrst9uvwxyz0123456789abcdef

Suspicious Activity Investigation Instructions:

  • Review the Stoplight audit logs for unusual API calls or resource access.
  • Check for unauthorized modifications to API designs or documentation.
  • Look for unexpected changes to workspace settings or user permissions.
  • Monitor for unusual access patterns or access from unfamiliar locations.
  • Review recent API activity for any suspicious operations.

Mitigation Instructions:

  • Log in to your Stoplight account at https://stoplight.io/.
  • Navigate to your user settings by clicking on your profile icon in the top right corner.
  • Select "Settings" from the dropdown menu.
  • Go to the "Personal Access Tokens" section.
  • Find the compromised token and click the "Revoke" button next to it.
  • Create a new token if needed, with appropriate scopes and permissions.
  • Update any applications or services that were using the old token.
  • Review workspace permissions and ensure they follow the Principle of Least Privilege.
  • Consider enabling additional security features like two-factor authentication if available.