RapidAPI Key

Bridgecrew Policy ID: BC_GIT_62
Chekov Check ID: CKV_SECRET_62
Severity: LOW

RapidAPI Key


RapidAPI is used to find, test, and connect to thousands of APIs — all with a single API key and dashboard. It allows finding APIs, embedding them into an app and tracking usage of all endpoints.

To connect an API to a project or application, you must have an API key to authenticate your request. Creating an app within RapidAPI generates an API key (X-RapidAPI-Key) specific to that application. You can view analytics based on the API calls you make using this app key.

Fix - Buildtime


You can create a new API key and delete the compromised one in a few steps from the Developer Dashboard:

  1. Select the application with the compromised key and navigate to the Security page.
  2. Click "Add New Key." You can also edit the API Key name if desired.
  3. Now it is time to test the new API key. Go to the API's Endpoints tab on the RapidAPI Hub listing and select the new API key from the X-RapidAPI-Key dropdown. Click the "Test Endpoint" button to ensure the new API key is working properly.
  4. Update your project with the new API key.
  5. Return to the application's Security page and delete the compromised API key.