# Docs: https://docs.flagsmith.com/quickstart
# Format: ser. prefix followed by 40+ alphanumeric characters
# Verify: GET /api/v1/flags with X-Environment-Key header
# Prefix: ser.
[detector]
id = "flagsmith-api-key"
name = "Flagsmith API Key"
service = "flagsmith"
severity = "high"
keywords = ["ser.", "FLAGSMITH_KEY", "FLAGSMITH_API_KEY"]
[[detector.patterns]]
regex = 'ser\.[a-zA-Z0-9]{40,}'
description = "Flagsmith server-side API key (ser. prefix)"
[detector.verify]
method = "GET"
url = "https://edge.api.flagsmith.com/api/v1/flags"
[detector.verify.auth]
type = "header"
name = "X-Environment-Key"
template = "{{match}}"
[detector.verify.success]
status = 200