Skip to content

Storyblok API Key

Service Name: Storyblok

Service Description: Storyblok is a headless content management system (CMS) that provides a visual editor and structured content management for websites and digital experiences. It allows developers and content creators to collaborate on content that can be delivered to any platform via API.

Service Address: https://www.storyblok.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Storyblok's security settings.

Secret Access Scope: Grants programmatic access to Storyblok's content delivery API or management API, allowing read or read/write access to content, assets, and space settings depending on the token type.

Secret Revokement URL: https://app.storyblok.com/#/me/account?tab=tokens

Secret Example: xSTORYBLOKx123456789abcdefghijklmnopqrstuvwxyz123456789

Suspicious Activity Investigation Instructions:

  • Review the API access logs in your Storyblok dashboard for unusual activity.
  • Check for unauthorized content changes or publishing activities.
  • Monitor for unexpected API calls, especially those modifying content or settings.
  • Verify if there are any new webhooks or integrations that were not authorized.
  • Look for access from unusual geographic locations or IP addresses.

Mitigation Instructions:

  • Log in to your Storyblok account at https://app.storyblok.com/.
  • Navigate to your user profile by clicking on your avatar in the top right corner.
  • Select "Account" from the dropdown menu.
  • Go to the "Personal Access Tokens" tab.
  • Find the compromised token and click the delete button next to it.
  • Generate a new token with appropriate permissions if needed.
  • Update the token in all legitimate applications and services.
  • Review and update your security settings, including enabling two-factor authentication if not already enabled.