Skip to content

Elastic Email API Key

Service Name: Elastic Email

Service Description: Elastic Email is an email delivery service that provides transactional and marketing email solutions. It offers features such as email sending, tracking, analytics, and template management for businesses to effectively communicate with their customers.

Service Address: https://elasticemail.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Elastic Email dashboard under Security Settings.

Secret Access Scope: Grants programmatic access to Elastic Email's API for sending emails, managing contacts, accessing analytics, and other email delivery functions.

Secret Revokement URL: https://elasticemail.com/account#/settings/new/manage-api

Secret Example: 11111111-1111-1111-1111-111111111111

Suspicious Activity Investigation Instructions:

  • Review the Elastic Email dashboard for unusual sending patterns or volume spikes.
  • Check email delivery reports for unexpected campaigns or content.
  • Monitor API usage logs for unauthorized access or unusual API calls.
  • Verify IP addresses that have been used to access the API.
  • Review contact list changes for unauthorized additions or exports.

Mitigation Instructions:

  • Log in to your Elastic Email account.
  • Navigate to Settings > API Keys.
  • Locate the compromised API key.
  • Click "Delete" or "Revoke" to invalidate the key.
  • Generate a new API key with appropriate permissions.
  • Update your applications with the new API key.
  • Consider implementing IP restrictions for API access.
  • Review and update security settings to prevent future unauthorized access.