Skip to content

Adyen API Key

Service Name: Adyen

Service Description: Adyen is a global payment platform that allows businesses to accept e-commerce, mobile, and point-of-sale payments. It provides a single system for accepting payments, protecting revenue, and managing finances.

Service Address: https://www.adyen.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Adyen Customer Area under Settings > API credentials.

Secret Access Scope: Grants access to Adyen's payment processing API, allowing for payment processing, refunds, captures, and access to transaction data.

Secret Revokement URL: https://docs.adyen.com/development-resources/api-credentials/

Secret Example: AQEyhmfxLIrIaBdEw0m/n3Q5qf3VaY9UCJ14XWZE03G/k2NFitRvbe4N1XqH1eHaH2AksaEQwV1bDb7kfNy1WIxIIkxgBw==-y3qzswfh5gf4jq6UXS6rUWFKxAZLyP1PQJVsO2p/4FQ=-B8nmZaUmBHXs6F4k

Suspicious Activity Investigation Instructions:

  • Review the Adyen Customer Area for unauthorized transactions or changes

  • Check API logs for unusual API calls or access patterns

  • Monitor for unexpected payment processing activities

  • Verify transaction volumes and patterns against historical norms

  • Check for API calls from unfamiliar IP addresses or locations

Mitigation Instructions:

  • Log in to the Adyen Customer Area

  • Navigate to Settings > API credentials

  • Locate the compromised API key

  • Click "Delete" to revoke the API key

  • Generate a new API key with appropriate permissions

  • Update all legitimate applications with the new API key

  • Consider implementing additional security measures like IP whitelisting

  • Review and update webhook endpoints to ensure they're secure