Skip to content

SwaggerHub API Key

Service Name: SwaggerHub

Service Description: SwaggerHub is a platform for API design and documentation, allowing teams to collaborate on API development using the OpenAPI (formerly Swagger) specification. It provides tools for designing, documenting, and managing APIs throughout their lifecycle.

Service Address: https://swagger.io/tools/swaggerhub/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for enterprise accounts

Secret Access Scope: Grants access to create, read, update, and delete APIs and domains within a SwaggerHub account. Allows API management operations including versioning, publishing, and integration with other tools.

Secret Revokement URL: https://app.swaggerhub.com/settings/apiKey

Secret Example: shk_abcdef123456789abcdef123456789abcdef1234

Suspicious Activity Investigation Instructions:

  • Review the API activity logs in SwaggerHub to identify unauthorized access or modifications
  • Check for unexpected API definitions or versions that have been created or modified
  • Look for unusual API publishing or sharing activities
  • Monitor for unexpected integrations or webhooks that may have been configured
  • Review organization members and their access levels for any unauthorized additions

Mitigation Instructions:

  • Log in to your SwaggerHub account and navigate to Settings
  • Go to the API Keys section
  • Delete the compromised API key
  • Generate a new API key with appropriate permissions
  • Update any legitimate integrations or applications to use the new API key
  • Review and adjust access permissions for your APIs and organization
  • Consider enabling additional security features like IP restrictions if available on your plan
  • Review audit logs to understand the scope of potential compromise