Yelp API Key
Service Name: Yelp
Service Description: Yelp is a business directory service and crowdsourced review forum that helps people find local businesses, restaurants, and services based on user reviews and ratings. The Yelp Fusion API allows developers to integrate Yelp's data into their applications.
Service Address: https://www.yelp.com/developers
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but rate limiting is applied per API key
Secret Access Scope: Grants access to Yelp's business data, reviews, ratings, and other information through the Yelp Fusion API. Allows developers to search for businesses, get business details, reviews, and categories.
Secret Revokement URL: https://www.yelp.com/developers/v3/manage_app
Secret Example: ABC123def456GHI789jkl012MNO345pqr678STU
Suspicious Activity Investigation Instructions:
- Review API usage logs for unusual patterns or excessive requests
- Check for unauthorized applications using your API key
- Monitor for requests from unexpected geographic locations
- Verify if the API key has been exposed in public repositories or code
- Review Yelp developer dashboard for any notifications about unusual activity
Mitigation Instructions:
- Log in to your Yelp Developer account at https://www.yelp.com/developers/v3/manage_app
- Navigate to the "Manage App" section
- Generate a new API key to replace the compromised one
- Update your applications with the new API key
- Implement proper API key storage practices (environment variables, secret management services)
- Add request origin validation in your application if possible
- Consider implementing API key rotation policies
- Review your code repositories to ensure API keys are not committed to version control