Skip to content

Zoho Creator API Key

Service Name: Zoho Creator

Service Description: Zoho Creator is a low-code application development platform that allows businesses to build custom applications without extensive coding knowledge. It enables users to create, customize, and deploy business applications through a drag-and-drop interface.

Service Address: https://www.zoho.com/creator/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level in Zoho Creator's security settings.

Secret Access Scope: Grants programmatic access to Zoho Creator applications, forms, reports, and data. Allows for CRUD operations on records, automation of workflows, and integration with other services.

Secret Revokement URL: https://accounts.zoho.com/home#security/

Secret Example: 1000.XXXXXXXXXXXXXXXXXXXXXXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXX

Suspicious Activity Investigation Instructions:

  • Review the API access logs in Zoho Creator admin console for unusual activity.
  • Check for unexpected data modifications or exports from your Zoho Creator applications.
  • Monitor for unauthorized application changes or new integrations.
  • Verify if there are any new API clients or unexpected API usage patterns.
  • Look for access from unusual geographic locations or IP addresses.

Mitigation Instructions:

  • Log in to your Zoho account and navigate to the API Console.
  • Locate the compromised API key in the list of client credentials.
  • Click on the "Delete" or "Revoke" button next to the compromised key.
  • Generate a new API key if needed for legitimate applications.
  • Update any legitimate applications with the new API key.
  • Consider implementing IP restrictions for API access in your Zoho security settings.
  • Review and update access permissions for all API clients to follow the Principle of Least Privilege.
  • Enable notifications for API key usage to monitor for suspicious activities.