rules: - name: Kling AI Secret Key id: kingfisher.klingai.1 pattern: | (?xi) \b kling (?:.|[\n\r]){0,120}? \b (?:access[\s_-]*key|accesskeyid|ak) (?:.|[\n\r]){0,64}? \b (?P [A-Za-z0-9]{32} ) \b (?:.|[\n\r]){0,120}? \b (secret[\s_-]*key|accesskeysecret|sk) \b (?:.|[\n\r]){0,64}? \b (?P [A-Za-z0-9]{32} ) \b min_entropy: 2.0 confidence: medium examples: - 'kling Access Key: ADaPACHhrBACBMABNbLpyfdQC2aBdf8r kling Secret Key: 8kKdpk9EnNdYJGQ8hRptagCFBmFHDB33"' references: - https://docs.qingque.cn/d/home/eZQDkhg4h2Qg8SEVSUTBdzYeY - https://community.n8n.io/t/authorization-kling-api/112647 validation: type: Http content: request: method: GET # SINGLE LINE URL (no folded block) so you don't accidentally end up with %20 url: 'https://api-singapore.klingai.com/account/costs?start_time={{ "" | unix_timestamp | minus: 3600 | times: 1000 }}&end_time={{ "" | unix_timestamp | times: 1000 }}' headers: Content-Type: application/json Accept: application/json # SINGLE LINE Authorization header (no YAML "|" block) so it won't be dropped. # JWT matches the Python example: HS256 header + {iss,exp,nbf} payload signed with SK. Authorization: '{%- assign header = "HS256" | jwt_header -%}{%- assign now = "" | unix_timestamp -%}{%- assign exp = now | plus: 1800 -%}{%- assign nbf = now | minus: 5 -%}{%- assign payload_json = ''{"iss":"'' | append: AKID | append: ''","exp":'' | append: exp | append: '',"nbf":'' | append: nbf | append: ''}'' -%}{%- assign payload = payload_json | b64url_enc -%}{%- assign signing_input = header | append: "." | append: payload -%}{%- assign sig_b64 = signing_input | hmac_sha256: SECRET -%}{%- assign sig = sig_b64 | replace: "+", "-" | replace: "/", "_" | replace: "=", "" -%}Bearer {{ header }}.{{ payload }}.{{ sig }}' response_matcher: - report_response: true - type: StatusMatch status: [200] - type: StatusMatch status: [401, 403, 500] negative: true - type: JsonValid