Unsplash Access Key
Service Name: Unsplash
Service Description: Unsplash is a platform that provides high-quality, royalty-free stock photography. It offers an API that allows developers to integrate Unsplash's photo library into their applications, websites, and services.
Service Address: https://unsplash.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to the Unsplash API, allowing applications to search, download, and use Unsplash's photo library programmatically. Different access levels may exist depending on the application's registration tier.
Secret Revokement URL: https://unsplash.com/oauth/applications
Secret Example: Client-ID 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t
Suspicious Activity Investigation Instructions:
- Check your Unsplash developer dashboard for unusual API usage patterns
- Review API logs for unexpected requests or high volumes of traffic
- Monitor for requests from unexpected geographic locations
- Check for API rate limit warnings or violations
- Review application statistics for unusual photo download patterns
Mitigation Instructions:
- Log in to your Unsplash developer account at https://unsplash.com/oauth/applications
- Locate the compromised application in your list of registered applications
-
Click on the application to access its settings
-
Click "Regenerate keys" to invalidate the current access key
- Update your application code with the new access key
- Consider implementing additional security measures such as request throttling
- Review your code to ensure the access key is not exposed in client-side code
or public repositories