Testim API Key
Service Name: Testim
Service Description: Testim is an AI-powered test automation platform that enables teams to create, execute, and maintain automated tests for web applications. It uses machine learning to create stable tests that can withstand changes in the application's UI.
Service Address: https://www.testim.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Testim's security settings.
Secret Access Scope: Grants programmatic access to Testim's API, allowing users to create, run, and manage automated tests, access test results, and integrate with CI/CD pipelines.
Secret Revokement URL: https://help.testim.io/docs/api-keys
Secret Example: tim_1a2b3c4d5e6f7g8h9i0j_abcdefghijklmnopqrstuvwxyz123456
Suspicious Activity Investigation Instructions:
- Review Testim logs for unusual test executions or API calls.
- Check for unauthorized test creations or modifications.
- Monitor for unusual access patterns or login attempts.
- Review integration activity with CI/CD systems.
- Check for tests being run from unexpected locations or IP addresses.
Mitigation Instructions:
- Log in to your Testim account and navigate to the account settings.
-
Go to the API Keys section.
-
Identify the compromised API key and click on the revoke/delete button.
- Generate a new API key if needed.
- Update the API key in all legitimate integrations and CI/CD pipelines.
- Review and update access permissions for team members.
- Consider implementing IP restrictions for API access if not already in place.