include::../../../shared_content/secrets/description.adoc[]

== Why is this an issue?

include::../../../shared_content/secrets/rationale.adoc[]

=== What is the potential impact?

A RapidAPI key is a unique identifier that allows you to access and use APIs
provided by RapidAPI. This key is used to track your API usage, manage your
subscriptions, and ensure that you have the necessary permissions to access the
APIs you are using. One RapidAPI key can be used to authenticate against a set
of multiple other third-party services, depending on the key entitlement.

If a RapidAPI key leaks to an unintended audience, it can have several potential
consequences. Especially, attackers may use the leaked key to access and utilize
the APIs associated with that key without permission. This can result in
unauthorized usage of API services, potentially leading to misuse, abuse, or
excessive consumption of resources.

== How to fix it

include::../../../shared_content/secrets/fix/revoke.adoc[]

include::../../../shared_content/secrets/fix/recent_use.adoc[]

RapidAPI services include an audit trail feature that can be used to audit
malicious use of the compromised key.

include::../../../shared_content/secrets/fix/vault.adoc[]

=== Code examples

:example_secret: 6f1bbe24b9mshcbb5030202794a4p18f7d0jsndd55ab0f981d
:example_name: rapidapi_key
:example_env: rapidapi_key

include::../../../shared_content/secrets/examples.adoc[]

//=== How does this work?

//=== Pitfalls

//=== Going the extra mile

== Resources

include::../../../shared_content/secrets/resources/standards.adoc[]

=== Documentation

* RapidAPI Documentation - https://docs.rapidapi.com/docs/keys-and-key-rotation#creating-or-rotating-a-rapid-api-key[Creating or rotating a Rapid API key]
* RapidAPI Documentation - https://docs.rapidapi.com/docs/org-audit-trails[Audit Trails]

//=== Benchmarks