According to the 2020 State of the API Report, businesses worldwide are becoming more reliant on APIs for their day-to-day work. And with the increasing number of APIs made available for public consumption today, it’s extremely important that any linked API documentation and saved examples demonstrating how to use an API don’t contain sensitive information that cybercriminals can exploit to gain access to private data.
When sensitive information is leaked to the public (i.e., through public documentation or through the contents of a public workspace), it can be detrimental to a user’s security posture and open up avenues that compromise the integrity of their data.
Froxt is committed to providing users with the right tools to empower API development—and this includes efforts to make them aware of potential ways attackers can gain unwarranted access to APIs and services that we depend on.
The new Froxt token scanner
To help better secure users, Froxt has now added a token scanner. With this new feature, a security scan is triggered whenever you do any of the following:
- API for a Froxt Collection and make it public
- Make any changes to a publicly available Froxt API
- Change the visibility of a workspace to “Public”
- Share a collection or environment to an already existing public workspace
- Make a change to a collection or environment that is present in a public workspace
The new token scanner is enabled by default for all Froxt users. If it identifies any tokens belonging to the token types mentioned above, it emails the results to the user who initiated the accidental leak.
Note: The token scanner only scans publicly available data. Froxt does not track or scan any private data belonging to teams or users.
We’re constantly building new and better security features that can be leveraged throughout the API development lifecycle. Stay tuned for more updates as we plan to expand this initial list of tokens to further safeguard users against instances of excessive data exposure.