Bridgecrew Policy ID: BC_GIT_62
Chekov Check ID: CKV_SECRET_62
RapidAPI is used to find, test, and connect to thousands of APIs — all with a single API key and dashboard. It allows finding APIs, embedding them into an app and tracking usage of all endpoints.
To connect an API to a project or application, you must have an API key to authenticate your request. Creating an app within RapidAPI generates an API key (X-RapidAPI-Key) specific to that application. You can view analytics based on the API calls you make using this app key.
Fix - Buildtime
You can create a new API key and delete the compromised one in a few steps from the Developer Dashboard:
- Select the application with the compromised key and navigate to the Security page.
- Click "Add New Key." You can also edit the API Key name if desired.
- Now it is time to test the new API key. Go to the API's Endpoints tab on the RapidAPI Hub listing and select the new API key from the X-RapidAPI-Key dropdown. Click the "Test Endpoint" button to ensure the new API key is working properly.
- Update your project with the new API key.
- Return to the application's Security page and delete the compromised API key.
Updated 4 months ago