kingfisher/data/rules/instantly.yml

rules:
  - name: Instantly API Key
    id: kingfisher.instantly.1
    pattern: |
      (?xi)
      \b
      instantly
      (?:\.ai)?
      (?:.|[\n\r]){0,16}?
      (?:SECRET|PRIVATE|ACCESS|KEY|TOKEN)
      (?:.|[\n\r]){0,16}?
      \b
      (
        [A-Z0-9+/]{66}==
      )
    pattern_requirements:
      min_digits: 4
    min_entropy: 3.3
    confidence: medium
    examples:
      - 'INSTANTLY_API_KEY="NmNlMCI1MWUtZDBmMC00NTc4LWE0MDItMDM0NGU0ZWI0MzliOmFzWWtCZUxUY3ZPRg=="'
    references:
      - https://developer.instantly.ai/api/v2/analytics/getdailyaccountanalytics
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://api.instantly.ai/api/v2/accounts/analytics/daily?start_date={{ '' | date: '%Y-%m-01' }}&end_date={{ '' | date: '%Y-%m-%d' }}"
          headers:
            Authorization: "Bearer {{ TOKEN }}"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200, 401]
            - type: WordMatch
              negative: true
              words:
                - '"Invalid authorization header or API key"'
                - '"Invalid API key"'
            - type: JsonValid