Checkout.com API Secret Key
Service Name: Checkout.com
Service Description: Checkout.com is a global payment solution provider that offers a unified platform for accepting payments, managing fraud, and optimizing revenue across international markets. Their API enables businesses to process online payments, manage transactions, and access financial services.
Service Address: https://www.checkout.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Checkout.com dashboard for API access.
Secret Access Scope: Grants programmatic access to Checkout.com's payment processing API, allowing for payment processing, refunds, transaction management, and account information retrieval.
Secret Revokement URL: https://hub.checkout.com/docs/api-keys
Secret Example: sk_test_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Suspicious Activity Investigation Instructions:
- Review the Checkout.com dashboard for unusual transaction patterns or unauthorized payment attempts.
- Check API logs for unexpected API calls or access from unfamiliar IP addresses.
- Monitor for unusual payment processing activities, especially those involving large amounts.
- Verify webhook configurations to ensure they haven't been altered to redirect notifications.
- Review any recent changes to API key permissions or settings.
Mitigation Instructions:
- Log in to your Checkout.com merchant account.
- Navigate to the Developer section or API settings.
- Locate the compromised API key and click "Revoke" or "Delete".
- Generate a new API key with appropriate permissions.
- Update your applications with the new API key.
- Review and update your security practices, including implementing IP restrictions.
- Consider implementing additional security measures such as webhook signatures.
- Monitor your account for any suspicious activity for several days after the incident.