Unsplash API Key
Service Name: Unsplash
Service Description: Unsplash is a platform that provides high-quality, royalty-free stock photography. The Unsplash API allows developers to access and integrate Unsplash's vast library of photos into their applications, websites, or services.
Service Address: https://unsplash.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants programmatic access to Unsplash's photo library, including searching, downloading, and retrieving photo metadata. Depending on the access level, it may allow for creating collections, uploading photos, or managing user accounts.
Secret Revokement URL: https://unsplash.com/oauth/applications
Secret Example: Client-ID 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t
Suspicious Activity Investigation Instructions:
- Review your Unsplash developer dashboard for unusual API usage patterns
- Check for unexpected rate limit warnings or exceeded quotas
- Monitor for unauthorized photo downloads or collections created
- Review application logs for API calls you didn't initiate
- Check if there are any changes to your application settings in the Unsplash developer portal
Mitigation Instructions:
-
Log in to your Unsplash developer account at https://unsplash.com/oauth/applications
-
Locate the compromised application in your list of applications
- Generate a new access key to replace the compromised one
- Update your application code with the new access key
- Consider implementing additional security measures like environment variables
to store the key
- Review your code repositories to ensure the API key isn't exposed in public
repositories
- Update your application's security settings to restrict domains that can use your
API key