FullStory API Key

Bridgecrew Policy ID: BC_GIT_42
Chekov Check ID: CKV_SECRET_42
Severity: LOW

FullStory API Key

Description

FullStory’s HTTP APIs use API keys for authentication. If you are configuring an integration or building some tools of your own that make HTTP calls, you will need a key.
In the FullStory UI the “All Keys” tab shows you all the keys that you have permission to view. If you are an Administrator, then in addition to keys that you have created, you’ll also be able to see other users’ keys and legacy keys. If you are a Standard or Architect user, you will only be able to see your own keys.

Administrators who might be looking at a long list of keys can click the “My Keys” tab to view only their own keys, or the “Legacy Keys” tab to view any legacy keys.

Fix - Buildtime

FullStory

To delete a key, click the “Delete” button that appears at the end of the row where the key is displayed. When you delete a key, API calls making use of the key value will stop working immediately.

Administrators may delete keys for all users. Standard and Architect users may only delete their own keys.

Note that removing or changing the permissions of a user does not affect any API keys that may have been created by that user. For example, if you change a user from "Admin" to "Guest" and wish to remove API keys they may have created, you'll need to do that at the settings page following the instructions above.