Skip to content

TestRail API Key

Service Name: TestRail

Service Description: TestRail is a comprehensive test case management tool that helps teams manage and track their software testing efforts. It allows teams to create test cases, organize test suites, execute test runs, and generate reports.

Service Address: https://www.gurock.com/testrail/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the TestRail instance level through admin settings.

Secret Access Scope: Grants programmatic access to TestRail's API, allowing users to create, read, update, and delete test cases, test runs, test results, and other TestRail resources.

Secret Revokement URL: https://[your-instance].testrail.io/index.php?/admin/users/edit

Secret Example: dGVzdHJhaWxhcGlrZXk6YWJjMTIzZGVmNDU2Z2hpNzg5

Suspicious Activity Investigation Instructions:

  • Review TestRail audit logs for unusual API calls or resource access.
  • Check for unexpected test case modifications, deletions, or additions.
  • Monitor for unauthorized test run creations or result submissions.
  • Look for API requests from unusual IP addresses or outside normal business hours.
  • Verify if there are any automated scripts or integrations using the API key that you don't recognize.

Mitigation Instructions:

  • Log in to your TestRail instance as an administrator.
  • Navigate to Administration > Users & Roles.
  • Find the user associated with the compromised API key.
  • Click on the user and select "Edit".
  • Under the API Keys section, delete the compromised API key.
  • Generate a new API key if needed.
  • Update any legitimate integrations or scripts with the new API key.
  • Consider implementing IP restrictions for API access if available in your TestRail plan.
  • Review user permissions to ensure they follow the Principle of Least Privilege.