Skip to content

Checkout.com API Secret Key

Service Name: Checkout.com

Service Description: Checkout.com is a global payment solution provider that offers a unified platform for accepting payments, managing fraud, and optimizing revenue across international markets. Their API enables businesses to process online payments, manage transactions, and access financial services.

Service Address: https://www.checkout.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Checkout.com dashboard for API access.

Secret Access Scope: Grants programmatic access to Checkout.com's payment processing API, allowing for payment processing, refunds, transaction management, and account information retrieval.

Secret Revokement URL: https://hub.checkout.com/docs/api-keys

Secret Example: sk_test_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Suspicious Activity Investigation Instructions:

  • Review the Checkout.com dashboard for unusual transaction patterns or unauthorized payment attempts.
  • Check API logs for unexpected API calls or access from unfamiliar IP addresses.
  • Monitor for unusual payment processing activities, especially those involving large amounts.
  • Verify webhook configurations to ensure they haven't been altered to redirect notifications.
  • Review any recent changes to API key permissions or settings.

Mitigation Instructions:

  • Log in to your Checkout.com merchant account.
  • Navigate to the Developer section or API settings.
  • Locate the compromised API key and click "Revoke" or "Delete".
  • Generate a new API key with appropriate permissions.
  • Update your applications with the new API key.
  • Review and update your security practices, including implementing IP restrictions.
  • Consider implementing additional security measures such as webhook signatures.
  • Monitor your account for any suspicious activity for several days after the incident.