Yandex Predictor API Key
Service Name: Yandex Predictor
Service Description: Yandex Predictor is a machine learning service that provides text prediction capabilities, including language detection, translation suggestions, and text completion. It's part of Yandex's suite of AI and machine learning services.
Service Address: https://yandex.com/dev/predictor/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Yandex Predictor API endpoints for text prediction, language detection, and translation services.
Secret Revokement URL: https://yandex.com/dev/id/doc/en/api/api-docpage/
Secret Example: pdct.1.1.20230101T123456Z.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Suspicious Activity Investigation Instructions:
- Review API usage logs for unusual request patterns or volumes
- Check for API calls from unexpected geographic locations
- Monitor for excessive API calls that might indicate abuse or credential theft
- Verify if the API key is being used in unauthorized applications
- Look for unusual language pairs or prediction requests that don't align with your expected usage
Mitigation Instructions:
- Log in to your Yandex Developer account
- Navigate to the API Keys section in your developer dashboard
-
Locate the compromised API key
-
Click on "Revoke" or "Delete" to invalidate the key
- Generate a new API key with appropriate permissions
- Update your applications with the new API key
- Consider implementing additional security measures such as request rate
limiting
- Review your code to ensure API keys are not exposed in client-side code or
public repositories