Skip to content

Dwolla API Key

Service Name: Dwolla

Service Description: Dwolla is a financial technology company that provides businesses with a secure platform for sending, receiving, and managing electronic payments. It offers APIs for ACH transfers, digital wallet functionality, and other payment solutions.

Service Address: https://www.dwolla.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be implemented at the account level through Dwolla's dashboard.

Secret Access Scope: Grants programmatic access to Dwolla's payment API, allowing applications to initiate transfers, manage customers, and access account information.

Secret Revokement URL: https://dashboard.dwolla.com/applications

Secret Example: T7cMQj5nBL7lJjPMBm4fqmN9MkmN9MkiILqnY6Yd1qN9Mki

Suspicious Activity Investigation Instructions:

  • Review Dwolla dashboard for unusual transaction activity or unauthorized transfers.
  • Check API logs for unexpected API calls or access patterns.
  • Monitor for new webhooks or integration endpoints that were recently added.
  • Review customer creation and management activities for unauthorized changes.
  • Examine transfer history for unusual amounts or destinations.

Mitigation Instructions:

  • Log in to your Dwolla dashboard at https://dashboard.dwolla.com/applications.
  • Locate the compromised API key in your application settings.
  • Click on the "Revoke" or "Delete" button next to the key.
  • Generate a new API key with appropriate permissions.
  • Update your applications with the new API key.
  • Review and update webhook subscriptions and security settings.
  • Consider implementing additional security measures such as IP restrictions.