Algolia Keys
Description
General
- Documentation: https://www.algolia.com/doc/.
- Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.
Revoke the secret
Key can be rotated in the Algolia website.
Details for Algolia Custom Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 345.07
-
Prefixed: False
Details for Algolia Monitoring Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: very rare
-
Prefixed: False
Details for Algolia Admin Keys
-
Family: credentials
-
Category: data_storage
-
Company: Algolia
-
High recall: False
-
Validity check available: False
-
Analyzer available: True
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 345.07
-
Prefixed: False
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /1/keys/***
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.
