Finding Hidden API Keys & How to use them

Sumit Jain
Aug 24 · 4 min read

So How to Find Public/hidden API Keys


1. Algolia API KEYS

curl --request PUT \
--url https://<application-id><example-index>/settings \
--header 'content-type: application/json' \
--header 'x-algolia-api-key: <example-key>' \
--header 'x-algolia-application-id: <example-application-id>' \
--data '{"highlightPreTag": "<script>alert(1);</script>"}'

2. AWS Access Key ID & Secret

3. Slack API token

4. Facebook Access Token

5. Github client id and client secret

6. Twilio Account_sid and Auth token

7. Twitter API Secret

8. Twitter Bearer token

9. SendGrid API Token

10. MailGun Private Key

11. Heroku API key

12. Mapbox API key

13. Zendesk Access token

14. Travis CI API token

15. Gitlab personal access token

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade