Adyen API Key
Service Name: Adyen
Service Description: Adyen is a global payment platform that allows businesses to accept e-commerce, mobile, and point-of-sale payments. It provides a single system for accepting payments, protecting revenue, and managing finances.
Service Address: https://www.adyen.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Adyen Customer Area under Settings > API credentials.
Secret Access Scope: Grants access to Adyen's payment processing API, allowing for payment processing, refunds, captures, and access to transaction data.
Secret Revokement URL: https://docs.adyen.com/development-resources/api-credentials/
Secret Example: AQEyhmfxLIrIaBdEw0m/n3Q5qf3VaY9UCJ14XWZE03G/k2NFitRvbe4N1XqH1eHaH2AksaEQwV1bDb7kfNy1WIxIIkxgBw==-y3qzswfh5gf4jq6UXS6rUWFKxAZLyP1PQJVsO2p/4FQ=-B8nmZaUmBHXs6F4k
Suspicious Activity Investigation Instructions:
-
Review the Adyen Customer Area for unauthorized transactions or changes
-
Check API logs for unusual API calls or access patterns
-
Monitor for unexpected payment processing activities
-
Verify transaction volumes and patterns against historical norms
-
Check for API calls from unfamiliar IP addresses or locations
Mitigation Instructions:
-
Log in to the Adyen Customer Area
-
Navigate to Settings > API credentials
-
Locate the compromised API key
-
Click "Delete" to revoke the API key
-
Generate a new API key with appropriate permissions
-
Update all legitimate applications with the new API key
-
Consider implementing additional security measures like IP whitelisting
-
Review and update webhook endpoints to ensure they're secure