Skip to main content

Algolia Keys

Description

General

  • Documentation: https://www.algolia.com/doc/.
  • Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: This key has all permissions.

Revoke the secret

  • Key can be rotated in the Algolia website.

Check for suspicious activity

There is currently no method to verify the actions done with the key.

Details for Algolia custom permissions

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 5.07

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - algolia

Examples

- text: |
    algolia
    clientid= 2D20AW43DA
    clientsecret= 3c039c651368a6b0f7640dbda46bfadc
  client_id: 2D20AW43DA
  client_secret: 3c039c651368a6b0f7640dbda46bfadc
- text: algolia clientid= 2D20AW43DA clientsecret= 3c039c651368a6b0f7640dbda46bfadc

  client_id: 2D20AW43DA
  client_secret: 3c039c651368a6b0f7640dbda46bfadc

Details for Algolia monitoring

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - algolia

Examples

- text: |
    const ALGOLIA_APP_ID = 'O209R1PN3N';
    const ALGOLIA_MONITORING_KEY = '476aee33e12b4ef08e8f1ba9c4b638c0';
  client_id: O209R1PN3N
  client_secret: 476aee33e12b4ef08e8f1ba9c4b638c0
- text: const ALGOLIA_APP_ID = 'O209R1PN3N'; const ALGOLIA_MONITORING_KEY = '476aee33e12b4ef08e8f1ba9c4b638c0';

  client_id: O209R1PN3N
  client_secret: 476aee33e12b4ef08e8f1ba9c4b638c0

Details for Algolia admin

  • Family: Api

  • Category: Data storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 6.87

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - algolia

Examples

- text: |
    const ALGOLIA_APP_ID = 'OH2GRAP30N';
    const ALGOLIA_ADMIN_KEY = 'b782df1739614041699a45f8079a3623';
  client_id: OH2GRAP30N
  client_secret: b782df1739614041699a45f8079a3623
- text: |
    struct Algolia {
      static let appId: String = "B2NW9U3W8F"
      static let apiKeySearch: String = "d9ad5cd8c4a29789099c7521561228dc"
    }pap
  client_id: B2NW9U3W8F
  client_secret: d9ad5cd8c4a29789099c7521561228dc
- text: const ALGOLIA_APP_ID = 'OH2GRAP30N'; const ALGOLIA_ADMIN_KEY = 'b782df1739614041699a45f8079a3623';

  client_id: OH2GRAP30N
  client_secret: b782df1739614041699a45f8079a3623

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status