WSO2 API Token
Service Name: WSO2 API Manager
Service Description: WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and securing and monetizing APIs. It provides API lifecycle management, monetization, and policy enforcement.
Service Address: https://wso2.com/api-manager/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the API level through throttling policies and access control mechanisms.
Secret Access Scope: Grants access to WSO2 API Manager resources based on the token's assigned scopes and permissions. Can be used to access APIs, manage API subscriptions, and interact with the API Gateway.
Secret Revokement URL: https://apim.docs.wso2.com/en/latest/learn/consume-api/manage-application/generate-keys/revoke-access-tokens/
Secret Example: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik5UZG1aak00WkRrM05qWTBZemM1TW1abU9EZ3dNVEUzTVdZd05ERTVNV1JsWkRnNE56YzRaQT09In0.eyJhdWQiOiJodHRwOlwvXC9vcmcud3NvMi5hcGltZ3RcL2dhdGV3YXkiLCJzdWIiOiJhZG1pbiIsImFwcGxpY2F0aW9uIjp7Im93bmVyIjoiYWRtaW4iLCJ0aWVyIjoiVW5saW1pdGVkIiwibmFtZSI6IkRlZmF1bHRBcHBsaWNhdGlvbiIsImlkIjoxLCJ1dWlkIjpudWxsfSwic2NvcGUiOiJhbV9hcHBsaWNhdGlvbl9zY29wZSBkZWZhdWx0IiwiaXNzIjoiaHR0cHM6XC9cL2xvY2FsaG9zdDo5NDQzXC9vYXV0aDJcL3Rva2VuIiwidGllckluZm8iOnsiVW5saW1pdGVkIjp7InRpZXJRdW90YVR5cGUiOiJyZXF1ZXN0Q291bnQiLCJncmFwaFFMTWF4Q29tcGxleGl0eSI6MCwiZ3JhcGhRTE1heERlcHRoIjowLCJzdG9wT25RdW90YVJlYWNoIjp0cnVlLCJzcGlrZUFycmVzdExpbWl0IjowLCJzcGlrZUFycmVzdFVuaXQiOm51bGx9fSwia2V5dHlwZSI6IlBST0RVQ1RJT04iLCJzdWJzY3JpYmVkQVBJcyI6W3sic3Vic2NyaWJlclRlbmFudERvbWFpbiI6ImNhcmJvbi5zdXBlciIsIm5hbWUiOiJQaXp6YVNoYWNrQVBJIiwiY29udGV4dCI6IlwvcGl6emFzaGFja1wvMS4wLjAiLCJwdWJsaXNoZXIiOiJhZG1pbiIsInZlcnNpb24iOiIxLjAuMCIsInN1YnNjcmlwdGlvblRpZXIiOiJVbmxpbWl0ZWQifV0sImNvbnN1bWVyS2V5IjoiVnZWRmJHZlRuTnVyZ2ZnZFhpQXRXQl9ZSWtFYSIsImV4cCI6MTY5NzA0NTk0MiwiaWF0IjoxNjk3MDQyMzQyLCJqdGkiOiI3YTU4MWNjZC1jMzJhLTQ5YzQtYWY1OS0zZjkyOGY0NDJlYTAifQ==.NLZPwcV3Fvy6E0jgH3_4z_8gAiHj0HgFn1rqNm7I2Lk5XGpgQPgMJVKLCjLzQNNXrLikhRFGzYESEP3eqvPwEn1IvKkJDGXXX3jX-4-8gFxvRWBPwrI8-pgZ3MHpISK3mJwVVa_GQU_8vd3F3qIKlzh_VlAH_YPExfnwRJDcMaE
Suspicious Activity Investigation Instructions:
- Review WSO2 API Manager logs for unusual API calls or access patterns.
- Check for unauthorized token generation or usage from unexpected IP addresses.
- Monitor for unusual API subscription activities or high-volume requests.
- Examine token usage patterns for signs of token leakage or misuse.
- Review API Gateway traffic logs for suspicious patterns or unauthorized access attempts.
Mitigation Instructions:
- Revoke the compromised token immediately through the WSO2 API Manager admin console.
- Generate a new token with appropriate scopes and permissions.
- Update token policies to include IP restrictions if applicable.
- Enable token validation and JWT claim verification.
- Consider implementing shorter token lifetimes and refresh token rotation.
- Review and update API throttling policies to prevent abuse.
- Enable additional security measures like OAuth 2.0 scopes and mutual SSL authentication.
- Implement API request throttling to prevent abuse.