> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cysmiq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Secret Verification Providers

> Services that Cysmiq can verify leaked credentials against.

## Overview

When a secret is detected, Cysmiq can verify whether it is still active by making API calls to the provider. This page lists active secret credential families Cysmiq detects today and whether API verification is supported.

## Supported providers

Cysmiq currently detects 110 active secret credential families across 81 providers. Verification is supported for 94 credential families and not supported for 16.

| Provider        | Credential family                               | Verification supported |
| --------------- | ----------------------------------------------- | ---------------------- |
| AbuseIPDB       | API key                                         | Yes                    |
| Abyssale        | API key                                         | Yes                    |
| Adafruit        | Adafruit IO key                                 | Yes                    |
| Agora           | Customer ID and customer secret                 | Yes                    |
| AI21            | API key                                         | Yes                    |
| Airbrake        | User API key                                    | Yes                    |
| Airtable        | OAuth integrations                              | No                     |
| Airtable        | Personal access tokens                          | Yes                    |
| Aiven           | Application tokens                              | Yes                    |
| Aiven           | Personal tokens                                 | Yes                    |
| Alchemy         | API key                                         | Yes                    |
| Anthropic       | Admin API key                                   | Yes                    |
| Anthropic       | API key                                         | Yes                    |
| Apify           | Organization API tokens                         | Yes                    |
| Apify           | Personal API tokens                             | Yes                    |
| Apollo          | API key                                         | Yes                    |
| Apollo          | OAuth client secret                             | No                     |
| Asana           | Client ID and client secret                     | No                     |
| Asana           | Personal access token                           | Yes                    |
| AssemblyAI      | API key                                         | Yes                    |
| AWS             | Access keys                                     | Yes                    |
| Beamer          | API key                                         | Yes                    |
| Bitkub          | API key                                         | Yes                    |
| Chargebee       | Full-access key                                 | Yes                    |
| Chargebee       | Read-only key                                   | Yes                    |
| CircleCI        | Personal API tokens                             | Yes                    |
| Cloudflare      | Account API token                               | Yes                    |
| Cloudflare      | Global API key                                  | Yes                    |
| Cloudflare      | Origin CA key                                   | Yes                    |
| Cloudflare      | R2 Account API token                            | No                     |
| Cloudflare      | R2 User API token                               | No                     |
| Cloudflare      | Service token                                   | No                     |
| Cloudflare      | User API token                                  | Yes                    |
| Cloudinary      | API key and API secret                          | Yes                    |
| Code Climate    | Personal access token                           | Yes                    |
| Cohere          | API key                                         | Yes                    |
| crates.io       | API token                                       | No                     |
| Databricks      | Personal access token                           | Yes                    |
| DeepSeek        | API key                                         | Yes                    |
| DigitalOcean    | OAuth application                               | No                     |
| DigitalOcean    | Personal access token                           | Yes                    |
| DocuSign        | Integration key                                 | No                     |
| Dropbox         | Access token                                    | Yes                    |
| Duffel          | Access token                                    | Yes                    |
| EasyPost        | API keys                                        | Yes                    |
| GitHub          | Fine-grained personal access token              | Yes                    |
| Google APIs     | Standard API key                                | Yes                    |
| Groq            | Project API key                                 | Yes                    |
| Heroku          | API key                                         | Yes                    |
| HubSpot         | Developer API key                               | Yes                    |
| Hunter          | API key                                         | Yes                    |
| Infura          | API key                                         | Yes                    |
| Intercom        | Access token                                    | Yes                    |
| Jenkins         | API token                                       | Yes                    |
| JFrog           | Access token                                    | Yes                    |
| Langfuse        | API credentials                                 | Yes                    |
| Linear          | Personal API keys                               | Yes                    |
| Mailchimp       | API key                                         | Yes                    |
| Mailgun         | Account API keys                                | Yes                    |
| Mailjet         | API key                                         | Yes                    |
| Mapbox          | Secret token                                    | Yes                    |
| Microsoft Teams | Incoming webhook                                | Yes                    |
| Midtrans        | Server key                                      | Yes                    |
| Mistral AI      | API key                                         | Yes                    |
| MuleSoft        | App acts on behalf of a user                    | No                     |
| MuleSoft        | App acts on its own behalf (client credentials) | Yes                    |
| MuleSoft        | Environment credentials                         | Yes                    |
| MuleSoft        | Organization credentials                        | Yes                    |
| Netlify         | Personal access token                           | Yes                    |
| npm             | Granular access token                           | Yes                    |
| NuGet           | Scoped API keys                                 | Yes                    |
| Nylas           | API key                                         | Yes                    |
| OpenAI          | Personal API key                                | Yes                    |
| OpenAI          | Project API key                                 | Yes                    |
| OpenRouter      | API key                                         | Yes                    |
| OpenRouter      | Management API key                              | Yes                    |
| OpenWeatherMap  | API key                                         | Yes                    |
| Paystack        | API keys                                        | Yes                    |
| Perplexity AI   | API key                                         | Yes                    |
| Polygon.io      | API key                                         | Yes                    |
| Postman         | Postman API key                                 | Yes                    |
| Postmark        | Account API token                               | Yes                    |
| Postmark        | Server API token                                | Yes                    |
| Postmark        | SMTP token                                      | No                     |
| RapidAPI        | Rapid API key                                   | Yes                    |
| Replicate       | API token                                       | Yes                    |
| Replicate       | Signing secret                                  | No                     |
| Resend          | API key                                         | Yes                    |
| RubyGems        | API key                                         | Yes                    |
| SendGrid        | API key                                         | Yes                    |
| Shodan          | API key                                         | Yes                    |
| Slack           | Incoming webhook URL                            | Yes                    |
| SonarCloud      | Personal access tokens                          | Yes                    |
| Square          | OAuth access token                              | Yes                    |
| Square          | Personal access token                           | Yes                    |
| Square          | Sandbox access token                            | No                     |
| SSLMate         | API key                                         | Yes                    |
| StackHawk       | API key                                         | Yes                    |
| Stripe          | Restricted API key                              | Yes                    |
| Stripe          | Secret API key                                  | Yes                    |
| SurgeAI         | API key                                         | Yes                    |
| Tailscale       | API access tokens                               | Yes                    |
| Tailscale       | Auth keys                                       | No                     |
| Tailscale       | OAuth clients                                   | Yes                    |
| Tailscale       | SCIM API keys                                   | No                     |
| Tailscale       | Webhook secret                                  | No                     |
| Tavily          | API key                                         | Yes                    |
| Telegram        | Bot token                                       | Yes                    |
| Travis          | API access token                                | Yes                    |
| Vercel          | Access token                                    | Yes                    |

## LLM-based validation

Secrets without API verification support are validated using LLM-based analysis. This includes:

* High-entropy tokens in configuration files
* Generic API key patterns
* Private keys and certificates
* Provider-ambiguous credentials

LLM validation evaluates the detection context to reduce false positives.
