More Info:

Security risks involved in using API-Keys appear below: • API keys are simple encrypted strings • API keys do not identify the user or the application making the API request • API keys are typically accessible to clients, making it easy to discover and steal an API key To avoid the security risk in using API keys, it is recommended to use standard authentication flow instead.

Risk Level

High

Address

Security, Reliability

Compliance Standards

CISGCP, CBP, HITRUST, SOC2, NISTCSF

Triage and Remediation

Remediation

Using Console

Additional Reading: