Skip to content

Airship API Key

Service Name: Airship (formerly Urban Airship)

Service Description: Airship is a customer engagement platform that helps companies create personalized mobile app experiences, push notifications, SMS messaging, email campaigns, and other customer communications across multiple channels.

Service Address: https://www.airship.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Airship dashboard under account settings.

Secret Access Scope: Grants programmatic access to Airship's API for managing mobile app notifications, messaging campaigns, and customer engagement features.

Secret Revokement URL: https://docs.airship.com/api/ua/#operation/api/app/tokens

Secret Example: ZDg3ZjJiYzItNDg1Ny00YWNlLWIxMjMtNDVkZmU5YTg3NmFj

Suspicious Activity Investigation Instructions:

  • Review Airship dashboard logs for unusual API calls or notification sends

  • Check for unexpected increases in API usage or notification volume

  • Monitor for changes in notification patterns or targeting unusual audience segments

  • Review recent changes to integration settings or API tokens

  • Examine message content for unauthorized campaigns or suspicious messaging

Mitigation Instructions:

  • Log in to the Airship dashboard

  • Navigate to Settings > API & Integrations

  • Locate the compromised API key

  • Click "Revoke" or "Delete" to invalidate the token

  • Generate a new API key if needed

  • Update the API key in all legitimate applications and services

  • Review and update access permissions for the new API key

  • Consider implementing additional security measures like IP restrictions

  • Monitor for any continued unauthorized access attempts