WorkOS API Key
Service Name: WorkOS
Service Description: WorkOS is a developer platform that provides authentication, user identity, and other enterprise features that help developers quickly build enterprise-ready applications with features like Single Sign-On (SSO), Multi-Factor Authentication (MFA), Directory Sync, and more.
Service Address: https://workos.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through WorkOS Dashboard.
Secret Access Scope: Grants programmatic access to WorkOS API endpoints, allowing management of authentication, user identity, and enterprise features.
Secret Revokement URL: https://dashboard.workos.com/api-keys
Secret Example: sk_test_a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review WorkOS audit logs for unusual API calls or authentication attempts.
- Check for unexpected changes to SSO configurations or directory connections.
- Monitor for unusual patterns in user authentication or organization management.
- Review API usage metrics for abnormal spikes in activity.
- Check for unauthorized webhooks or callback configurations.
Mitigation Instructions:
- Log in to the WorkOS Dashboard at https://dashboard.workos.com/.
-
Navigate to the API Keys section.
-
Identify the compromised API key.
- Click on the "Revoke" or "Delete" button next to the key.
- Generate a new API key to replace the compromised one.
- Update all legitimate applications and services with the new API key.
- Review and update any IP allowlists or other security configurations.
- Consider implementing additional security measures like webhook signatures.