Skip to content

Webex App Keys

Service Name: Cisco Webex

Service Description: Cisco Webex is a cloud-based collaboration platform that provides video conferencing, online meetings, screen sharing, webinars, and messaging services for businesses and organizations.

Service Address: https://developer.webex.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Cisco Webex Control Hub.

Secret Access Scope: Grants programmatic access to Webex APIs, allowing applications to interact with Webex services, manage meetings, access user information, and perform administrative functions depending on the permissions granted.

Secret Revokement URL: https://developer.webex.com/my-apps

Secret Example: Y2lzY29zcGFyazovL3VzL0FQUExJQ0FUSU9OL0NhYzlkYjgwYWRlZTQ5MGJiMGMzZmFkZjgxOW JhMzFiZjRhOWExNDdhOTVlNGFkYzk4YWFiZGVkYjZhMzgwYWY

Suspicious Activity Investigation Instructions:

  • Review the Webex Control Hub audit logs for unusual API calls or access patterns
  • Check for unauthorized integrations or applications connected to your Webex account
  • Monitor for unusual meeting creation, user management, or messaging activities
  • Verify if there are any unexpected changes to organization settings or permissions

  • Check for unusual geographic access locations or times

Mitigation Instructions:

  • Log in to the Webex Developer Portal at https://developer.webex.com/
  • Navigate to "My Apps" section
  • Locate the compromised application
  • Click on the application and select "Regenerate Secret" to invalidate the current key
  • Alternatively, delete the application entirely if it's no longer needed
  • Update any legitimate applications with the new credentials
  • Review and adjust the application's scopes and permissions to follow the principle of least privilege
  • Enable additional security measures like IP restrictions through Webex Control Hub if available