Skip to content

Yoti Key Pair

Service Name: Yoti

Service Description: Yoti is a digital identity verification platform that allows businesses and individuals to verify identities securely. It provides authentication, age verification, and identity management solutions.

Service Address: https://www.yoti.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Yoti Hub dashboard for API access

Secret Access Scope: Grants access to Yoti's identity verification API services, allowing applications to request and process user verification data

Secret Revokement URL: https://www.yoti.com/developers/access-security

Secret Example:

Suspicious Activity Investigation Instructions:

  • Review Yoti Hub dashboard for unusual authentication attempts
  • Check API logs for unexpected verification requests
  • Monitor for unusual patterns in identity verification requests
  • Review access logs for unauthorized IP addresses attempting to use the API Private key: -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA74uJ/q21yZk67NzktTL3khNpOnfsKVa7Xev/0W8rvPmhxPzT N1OmrAVQzLgLpVDiDvdF7GvS9yYbSuJ8wEHnOfP6sJ2n5JWv6dkPUVk6oJJpGRHR YOpWgYjXuiQ8Cwe2T2ka9syI5Ohw14wjw6GxeIq0AYvez4DFgLz4vZB4jX9DMjG5 JCUyTyGBLRVjDYsV2Fn2vP8PkpXPNog2+pHvEZUTJJQUCiUsS4XRtMOIwwIDAQAB -----END RSA PRIVATE KEY----- App ID: a1bc2345-6d78-9e01-f234-5g6h7i8j9k0l

  • Check for any data access outside normal business hours or from unusual

locations

Mitigation Instructions:

  • Immediately rotate the compromised key pair in the Yoti Hub dashboard
  • Generate a new key pair and update all applications using the old credentials
  • Review and update IP restrictions in the Yoti Hub
  • Enable additional security features like two-factor authentication for the Yoti account
  • Review application code to ensure keys are not hardcoded or improperly stored
  • Update any CI/CD pipelines that may contain the compromised credentials
  • Consider implementing a secrets management solution for better key security