Vercel API Access Token
Service Name: Vercel
Service Description: Vercel is a cloud platform for static sites and Serverless Functions that enables developers to host websites and web services that deploy instantly, scale automatically, and require no supervision.
Service Address: https://vercel.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the team level for API access in Enterprise plans.
Secret Access Scope: Grants programmatic access to Vercel API, allowing deployment management, project configuration, domain management, and team settings based on the token's scope.
Secret Revokement URL: https://vercel.com/account/tokens
Secret Example: VERCELtoken_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGH
Suspicious Activity Investigation Instructions:
- Review Vercel deployment logs for unauthorized deployments or configuration changes.
- Check Vercel activity logs for unusual API calls or access patterns.
- Monitor for unexpected project creations, domain changes, or team membership modifications.
- Verify if there are any unexpected integrations or webhooks configured.
- Review billing information for unexpected usage spikes that might indicate abuse.
Mitigation Instructions:
- Log in to your Vercel account and navigate to https://vercel.com/account/tokens.
- Locate the compromised token in the list of Personal Access Tokens.
- Click the "Delete" button next to the compromised token.
- Create a new token with appropriate scopes if needed.
- Update any legitimate applications or CI/CD pipelines with the new token.
- Review and update any project settings that may have been modified.
- Consider enabling two-factor authentication for your Vercel account if not already enabled.
- For team accounts, review team member access and permissions.