Possible API Key Leak?

Hello all, so I may have found something interesting by dorking on Github for a company I’ve been working on. In two separate python files, both contain:

`header = {'api_key': 'abcdef-ghijkl-mnopq-rstuvwxyz', 'email_id': 'email@company.com'}`

I really have no idea how to verify if that API key is valid though. My Google-Fu is seriously failing me right now. I feel like I’ve been staring at this and researching APIs for far too long… The files were both from July 2018, so I don’t know if this is a red-herring, but my API knowledge is laughable at best. Although, I’m learning which is really all that matters!

Hi @pisteuo,

Usually, API keys are supposed to be public. In the other hand, API secrets or similar are not supposed to be public. If you don’t know for what service is that api_key, it’s difficult to find out if it’s worth reporting or not.

1 Like

@stefanofinding, thank you for the reply! I dug a little further and this wasn’t an issue. Thanks again

1 Like

You’re welcome!
Okay, I hope you find something soon.
Best.