Stoplight API Token
Service Name: Stoplight
Service Description: Stoplight is an API design, documentation, and governance platform that helps teams build better APIs. It provides tools for designing, documenting, testing, and governing APIs throughout their lifecycle.
Service Address: https://stoplight.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in Stoplight's security settings.
Secret Access Scope: Grants programmatic access to Stoplight's API, allowing users to manage API designs, documentation, and other resources within their Stoplight workspace.
Secret Revokement URL: https://stoplight.io/settings/tokens
Secret Example: sl.o2abcd3.56defghi7jklmno8pqrst9uvwxyz0123456789abcdef
Suspicious Activity Investigation Instructions:
- Review the Stoplight audit logs for unusual API calls or resource access.
- Check for unauthorized modifications to API designs or documentation.
- Look for unexpected changes to workspace settings or user permissions.
- Monitor for unusual access patterns or access from unfamiliar locations.
- Review recent API activity for any suspicious operations.
Mitigation Instructions:
- Log in to your Stoplight account at https://stoplight.io/.
- Navigate to your user settings by clicking on your profile icon in the top right corner.
- Select "Settings" from the dropdown menu.
- Go to the "Personal Access Tokens" section.
- Find the compromised token and click the "Revoke" button next to it.
- Create a new token if needed, with appropriate scopes and permissions.
- Update any applications or services that were using the old token.
- Review workspace permissions and ensure they follow the Principle of Least Privilege.
- Consider enabling additional security features like two-factor authentication if available.