Skip to content

Vercel API Access Token

Service Name: Vercel

Service Description: Vercel is a cloud platform for static sites and Serverless Functions that enables developers to host websites and web services that deploy instantly, scale automatically, and require no supervision.

Service Address: https://vercel.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the team level for API access in Enterprise plans.

Secret Access Scope: Grants programmatic access to Vercel API, allowing deployment management, project configuration, domain management, and team settings based on the token's scope.

Secret Revokement URL: https://vercel.com/account/tokens

Secret Example: VERCELtoken_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH

Suspicious Activity Investigation Instructions:

  • Review Vercel deployment logs for unauthorized deployments or configuration changes.
  • Check Vercel activity logs for unusual API calls or access patterns.
  • Monitor for unexpected project creations, domain changes, or team membership modifications.
  • Verify if there are any unexpected integrations or webhooks configured.
  • Review billing information for unexpected usage spikes that might indicate abuse.

Mitigation Instructions:

  • Log in to your Vercel account and navigate to https://vercel.com/account/tokens.
  • Locate the compromised token in the list of Personal Access Tokens.
  • Click the "Delete" button next to the compromised token.
  • Create a new token with appropriate scopes if needed.
  • Update any legitimate applications or CI/CD pipelines with the new token.
  • Review and update any project settings that may have been modified.
  • Consider enabling two-factor authentication for your Vercel account if not already enabled.
  • For team accounts, review team member access and permissions.