Branch.io API Key
Service Name: Branch.io
Service Description: Branch.io is a mobile linking platform that helps companies create seamless user experiences and gain insights across all devices, channels, and platforms. It provides deep linking, attribution, and analytics solutions for mobile apps.
Service Address: https://branch.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Branch dashboard under account settings.
Secret Access Scope: Grants programmatic access to Branch.io APIs, allowing management of deep links, access to analytics data, and configuration of Branch features.
Secret Revokement URL: https://dashboard.branch.io/account-settings/app
Secret Example: key_live_abcdefghijklmnopqrstuvwxyz0123456789ABCD
Suspicious Activity Investigation Instructions:
- Review Branch.io dashboard for unusual activity or unexpected link creations.
- Check API call logs for unauthorized access or unusual patterns.
- Monitor for unexpected changes in deep link configurations or redirects.
- Examine analytics data for anomalous traffic patterns or attribution changes.
- Review webhook configurations for unauthorized changes.
Mitigation Instructions:
- Log in to the Branch.io dashboard at https://dashboard.branch.io/.
-
Navigate to Account Settings > App.
-
Locate the compromised API key in the list.
- Click "Revoke" next to the key to invalidate it.
- Generate a new API key if needed.
- Update all legitimate applications and services with the new API key.
- Review and update IP restrictions and other security settings.
- Enable two-factor authentication for all Branch.io dashboard users.