Yoti SDK ID
Service Name: Yoti
Service Description: Yoti is a digital identity verification platform that allows businesses to verify the identity of their users securely. It provides solutions for age verification, identity verification, and secure authentication.
Service Address: https://www.yoti.com/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but IP restrictions can be configured at the application level through Yoti's dashboard.
Secret Access Scope: Grants access to Yoti's identity verification API and SDK functionality, allowing applications to integrate with Yoti's identity verification services.
Secret Revokement URL: https://www.yoti.com/dashboard/applications
Secret Example: a1b2c3d4-5e6f-7g8h-9i0j-k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Review Yoti Dashboard logs for unusual verification attempts or API calls
- Check for unexpected spikes in API usage or verification requests
- Monitor for verification attempts from unusual geographic locations
- Review application logs for unauthorized access attempts using the SDK ID
- Check for any changes in configuration settings in the Yoti Dashboard
Mitigation Instructions:
- Log in to the Yoti Dashboard at https://www.yoti.com/dashboard/applications
- Select the affected application
-
Navigate to the "Keys" section
-
Generate a new SDK ID and private key
- Update your application with the new credentials
- Delete or disable the compromised SDK ID
- Review and update security settings for your Yoti integration
- Consider implementing additional security measures such as IP restrictions if
available
- Update any environment variables or configuration files containing the old SDK
ID