Skip to content

Delighted API Key

Service Name: Delighted

Service Description: Delighted is a customer experience platform that helps businesses collect and analyze feedback from customers through surveys, including NPS (Net Promoter Score), CSAT (Customer Satisfaction), and CES (Customer Effort Score) metrics.

Service Address: https://delighted.com/

Validation Type: API Auth

IP Allow list: Does not exist at the secret level, but IP restrictions can be implemented at the organization level.

Secret Access Scope: Grants programmatic access to Delighted's API, allowing users to create surveys, send survey requests, retrieve responses, and manage customer feedback data.

Secret Revokement URL: https://delighted.com/account/api

Secret Example: xyzABC123DEFghiJKLmnoPQRstuvwxyz

Suspicious Activity Investigation Instructions:

  • Review API access logs for unusual activity patterns or unauthorized requests.
  • Check for unexpected survey creations or modifications.
  • Monitor for unusual data exports or mass customer data access.
  • Look for API calls from unfamiliar IP addresses or locations.
  • Verify if there are any unexpected changes to survey configurations.

Mitigation Instructions:

  • Log in to your Delighted account and navigate to Account Settings.
  • Go to the API section and locate the compromised API key.
  • Click Revoke or Delete next to the compromised API key.
  • Generate a new API key if needed for legitimate applications.
  • Update all legitimate applications with the new API key.
  • Review and update access controls for your Delighted account.
  • Enable additional security features like two-factor authentication if available.
  • Monitor API activity for a period after the key rotation to ensure no unauthorized access continues.