Skip to content

Yoti SDK ID

Service Name: Yoti

Service Description: Yoti is a digital identity verification platform that allows businesses to verify the identity of their users securely. It provides solutions for age verification, identity verification, and secure authentication.

Service Address: https://www.yoti.com/

Validation Type: API Auth

IP Allow list: Does not exist at the secret level, but IP restrictions can be configured at the application level through Yoti's dashboard.

Secret Access Scope: Grants access to Yoti's identity verification API and SDK functionality, allowing applications to integrate with Yoti's identity verification services.

Secret Revokement URL: https://www.yoti.com/dashboard/applications

Secret Example: a1b2c3d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6

Suspicious Activity Investigation Instructions:

  • Review Yoti Dashboard logs for unusual verification attempts or API calls
  • Check for unexpected spikes in API usage or verification requests
  • Monitor for verification attempts from unusual geographic locations
  • Review application logs for unauthorized access attempts using the SDK ID
  • Check for any changes in configuration settings in the Yoti Dashboard

Mitigation Instructions:

  • Log in to the Yoti Dashboard at https://www.yoti.com/dashboard/applications
  • Select the affected application
  • Navigate to the "Keys" section

  • Generate a new SDK ID and private key

  • Update your application with the new credentials
  • Delete or disable the compromised SDK ID
  • Review and update security settings for your Yoti integration
  • Consider implementing additional security measures such as IP restrictions if

available

  • Update any environment variables or configuration files containing the old SDK

ID