Dwolla API Key
Service Name: Dwolla
Service Description: Dwolla is a financial technology company that provides businesses with a secure platform for sending, receiving, and managing electronic payments. It offers APIs for ACH transfers, digital wallet functionality, and other payment solutions.
Service Address: https://www.dwolla.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be implemented at the account level through Dwolla's dashboard.
Secret Access Scope: Grants programmatic access to Dwolla's payment API, allowing applications to initiate transfers, manage customers, and access account information.
Secret Revokement URL: https://dashboard.dwolla.com/applications
Secret Example: T7cMQj5nBL7lJjPMBm4fqmN9MkmN9MkiILqnY6Yd1qN9Mki
Suspicious Activity Investigation Instructions:
- Review Dwolla dashboard for unusual transaction activity or unauthorized transfers.
- Check API logs for unexpected API calls or access patterns.
- Monitor for new webhooks or integration endpoints that were recently added.
- Review customer creation and management activities for unauthorized changes.
- Examine transfer history for unusual amounts or destinations.
Mitigation Instructions:
- Log in to your Dwolla dashboard at https://dashboard.dwolla.com/applications.
- Locate the compromised API key in your application settings.
- Click on the "Revoke" or "Delete" button next to the key.
- Generate a new API key with appropriate permissions.
- Update your applications with the new API key.
- Review and update webhook subscriptions and security settings.
- Consider implementing additional security measures such as IP restrictions.