Skip to main content

Algolia Keys

Description

General

  • Documentation: https://www.algolia.com/doc/.
  • Summary: This detector aim at catching Algolia API keys - admin keys, monitoring keys and keys with more restricted access.

Revoke the secret

Key can be rotated in the Algolia website.

Details for Algolia Custom Keys

  • Family: credentials

  • Category: data_storage

  • Company: Algolia

  • High recall: False

  • Validity check available: False

  • Analyzer available: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 345.07

  • Prefixed: False

Details for Algolia Monitoring Keys

  • Family: credentials

  • Category: data_storage

  • Company: Algolia

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: very rare

  • Prefixed: False

Details for Algolia Admin Keys

  • Family: credentials

  • Category: data_storage

  • Company: Algolia

  • High recall: False

  • Validity check available: False

  • Analyzer available: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 345.07

  • Prefixed: False

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /1/keys/***

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.