- Summary: Mailgun API allows you to send emails and perform other actions linked to your Mailgun account programmatically. The API key has full control over your account (you can remove domains, send mails)
- IPs allowlist: Yes see here
- Scopes: Mailgun API key has no scopes and have full access to your account. You have one API key per account and not per user.So leaking a Mailgun API key is a really sensitive event
Be careful you can currently have only one private API key per account. Go to the API security in your console and click on the "Reset Private API key" button. Be aware than when you revoke a secret it will still be active during 48 hours.
As far as we know, there is no way to check if an API key was used or not. The only thing you can do is check if your key was used to send emails in your Mailgun logs panel. Anyone who has such an access key has unrestricted access to all the account resources, including billing information.
Mailgun basic auth#
Category: Messaging system
High recall: True
Validity check available: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 4.27
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - key-
- text: > curl -H "Authorization: Bearer key-ae54fcc23ade65fa404a65e78c56f898 https://api.linode.com/v4/account apikey: key-ae54fcc23ade65fa404a65e78c56f898