Skip to content

ADP API Key

Service Name: ADP (Automatic Data Processing)

Service Description: ADP is a provider of human resources management software and services. ADP offers cloud-based solutions for human capital management, payroll services, talent management, tax and compliance services, and benefits administration.

Service Address: https://www.adp.com/

Validation Type: -

IP Allow list: IP restrictions can be configured at the account level through ADP's security settings.

Secret Access Scope: Grants programmatic access to ADP APIs for accessing payroll, HR, and workforce management data.

Secret Revokement URL: https://developers.adp.com/account/manage-credentials

Secret Example: 2ab12cd3-4e56-7f89-0g12-34hi56jk7890

Suspicious Activity Investigation Instructions:

  • Review API access logs in the ADP developer portal for unusual activity.

  • Check for unauthorized data access or extraction patterns.

  • Monitor for API calls from unfamiliar IP addresses or locations.

  • Review any changes to employee or payroll data that may have been made through the API.

  • Check for unusual volumes of requests or access during non-business hours.

Mitigation Instructions:

  • Log in to the ADP developer portal.

  • Navigate to the "Manage Credentials" section.

  • Locate the compromised API key and revoke/delete it.

  • Generate a new API key with appropriate permissions.

  • Update your applications with the new API key.

  • Review and restrict API access permissions to only what is necessary.

  • Implement IP restrictions for API access if available.

  • Enable additional security measures such as multi-factor authentication for the developer account.