Delighted API Key
Service Name: Delighted
Service Description: Delighted is a customer experience platform that helps businesses collect and analyze feedback from customers through surveys, including NPS (Net Promoter Score), CSAT (Customer Satisfaction), and CES (Customer Effort Score) metrics.
Service Address: https://delighted.com/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but IP restrictions can be implemented at the organization level.
Secret Access Scope: Grants programmatic access to Delighted's API, allowing users to create surveys, send survey requests, retrieve responses, and manage customer feedback data.
Secret Revokement URL: https://delighted.com/account/api
Secret Example: xyzABC123DEFghiJKLmnoPQRstuvwxyz
Suspicious Activity Investigation Instructions:
- Review API access logs for unusual activity patterns or unauthorized requests.
- Check for unexpected survey creations or modifications.
- Monitor for unusual data exports or mass customer data access.
- Look for API calls from unfamiliar IP addresses or locations.
- Verify if there are any unexpected changes to survey configurations.
Mitigation Instructions:
- Log in to your Delighted account and navigate to Account Settings.
- Go to the API section and locate the compromised API key.
- Click Revoke or Delete next to the compromised API key.
- Generate a new API key if needed for legitimate applications.
- Update all legitimate applications with the new API key.
- Review and update access controls for your Delighted account.
- Enable additional security features like two-factor authentication if available.
- Monitor API activity for a period after the key rotation to ensure no unauthorized access continues.