Skip to content

Unsplash API Key

Service Name: Unsplash

Service Description: Unsplash is a platform that provides high-quality, royalty-free stock photography. The Unsplash API allows developers to access and integrate Unsplash's vast library of photos into their applications, websites, or services.

Service Address: https://unsplash.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to Unsplash's photo library, including searching, downloading, and retrieving photo metadata. Depending on the access level, it may allow for creating collections, uploading photos, or managing user accounts.

Secret Revokement URL: https://unsplash.com/oauth/applications

Secret Example: Client-ID 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t

Suspicious Activity Investigation Instructions:

  • Review your Unsplash developer dashboard for unusual API usage patterns
  • Check for unexpected rate limit warnings or exceeded quotas
  • Monitor for unauthorized photo downloads or collections created
  • Review application logs for API calls you didn't initiate
  • Check if there are any changes to your application settings in the Unsplash developer portal

Mitigation Instructions:

  • Log in to your Unsplash developer account at https://unsplash.com/oauth/applications

  • Locate the compromised application in your list of applications

  • Generate a new access key to replace the compromised one
  • Update your application code with the new access key
  • Consider implementing additional security measures like environment variables

to store the key

  • Review your code repositories to ensure the API key isn't exposed in public

repositories

  • Update your application's security settings to restrict domains that can use your

API key