Skip to content

Wistia API Token

Service Name: Wistia

Service Description: Wistia is a video hosting platform designed for businesses, offering analytics, video marketing tools, and integration capabilities for websites and marketing platforms.

Service Address: https://wistia.com/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but Wistia offers domain restrictions for video access.

Secret Access Scope: Grants programmatic access to Wistia's API, allowing management of videos, projects, customization options, and access to analytics data.

Secret Revokement URL: https://my.wistia.com/account/api

Secret Example: wistia_api_token_12345abcdef6789ghijklmnopqrstuvwxyz0123

Suspicious Activity Investigation Instructions:

  • Review Wistia account activity logs for unusual video uploads, deletions, or modifications.
  • Check for unexpected changes to video privacy settings or domain restrictions.
  • Monitor for unusual API calls or access patterns from unfamiliar IP addresses.
  • Verify if there are any new integrations or third-party connections established.
  • Review video analytics for unusual viewing patterns or access from unexpected locations.

Mitigation Instructions:

  • Log in to your Wistia account and navigate to Account > Settings > API Access.
  • Revoke the compromised API token by clicking the "Regenerate" button.
  • Create a new API token if needed for legitimate applications.
  • Review all integrations and third-party applications with access to your Wistia account.
  • Consider implementing domain restrictions for your videos if not already in place.
  • Update passwords for your Wistia account and any connected services.
  • Monitor account activity for a period after token replacement to ensure no unauthorized access continues.