Yoti Key Pair
Service Name: Yoti
Service Description: Yoti is a digital identity verification platform that allows businesses and individuals to verify identities securely. It provides authentication, age verification, and identity management solutions.
Service Address: https://www.yoti.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Yoti Hub dashboard for API access
Secret Access Scope: Grants access to Yoti's identity verification API services, allowing applications to request and process user verification data
Secret Revokement URL: https://www.yoti.com/developers/access-security
Secret Example:
Suspicious Activity Investigation Instructions:
- Review Yoti Hub dashboard for unusual authentication attempts
- Check API logs for unexpected verification requests
- Monitor for unusual patterns in identity verification requests
-
Review access logs for unauthorized IP addresses attempting to use the API Private key: -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA74uJ/q21yZk67NzktTL3khNpOnfsKVa7Xev/0W8rvPmhxPzT N1OmrAVQzLgLpVDiDvdF7GvS9yYbSuJ8wEHnOfP6sJ2n5JWv6dkPUVk6oJJpGRHR YOpWgYjXuiQ8Cwe2T2ka9syI5Ohw14wjw6GxeIq0AYvez4DFgLz4vZB4jX9DMjG5 JCUyTyGBLRVjDYsV2Fn2vP8PkpXPNog2+pHvEZUTJJQUCiUsS4XRtMOIwwIDAQAB -----END RSA PRIVATE KEY----- App ID: a1bc2345-6d78-9e01-f234-5g6h7i8j9k0l
-
Check for any data access outside normal business hours or from unusual
locations
Mitigation Instructions:
- Immediately rotate the compromised key pair in the Yoti Hub dashboard
- Generate a new key pair and update all applications using the old credentials
- Review and update IP restrictions in the Yoti Hub
- Enable additional security features like two-factor authentication for the Yoti account
- Review application code to ensure keys are not hardcoded or improperly stored
- Update any CI/CD pipelines that may contain the compromised credentials
- Consider implementing a secrets management solution for better key security