Wistia API Token
Service Name: Wistia
Service Description: Wistia is a video hosting platform designed for businesses, offering analytics, video marketing tools, and integration capabilities for websites and marketing platforms.
Service Address: https://wistia.com/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but Wistia offers domain restrictions for video access.
Secret Access Scope: Grants programmatic access to Wistia's API, allowing management of videos, projects, customization options, and access to analytics data.
Secret Revokement URL: https://my.wistia.com/account/api
Secret Example: wistia_api_token_12345abcdef6789ghijklmnopqrstuvwxyz0123
Suspicious Activity Investigation Instructions:
- Review Wistia account activity logs for unusual video uploads, deletions, or modifications.
- Check for unexpected changes to video privacy settings or domain restrictions.
- Monitor for unusual API calls or access patterns from unfamiliar IP addresses.
- Verify if there are any new integrations or third-party connections established.
- Review video analytics for unusual viewing patterns or access from unexpected locations.
Mitigation Instructions:
- Log in to your Wistia account and navigate to Account > Settings > API Access.
- Revoke the compromised API token by clicking the "Regenerate" button.
- Create a new API token if needed for legitimate applications.
- Review all integrations and third-party applications with access to your Wistia account.
- Consider implementing domain restrictions for your videos if not already in place.
- Update passwords for your Wistia account and any connected services.
- Monitor account activity for a period after token replacement to ensure no unauthorized access continues.