Finicity Authentication Keys
Service Name: Finicity
Service Description: Finicity is a financial data aggregation and insights platform that provides APIs for accessing financial data from banks and other financial institutions. It enables developers to build applications that can access, analyze, and leverage financial data for various use cases such as credit decisioning, account verification, and personal financial management.
Service Address: https://www.finicity.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured through the Finicity Developer Portal for API access.
Secret Access Scope: Grants programmatic access to Finicity APIs, allowing retrieval of financial data, account verification, and other financial services.
Secret Revokement URL: https://developer.finicity.com/admin/keys
Secret Example: 7c89e340c5d24f42a7a9be5c115c1aae
Suspicious Activity Investigation Instructions:
- Review API access logs in the Finicity Developer Portal for unusual patterns or unauthorized access.
- Check for unexpected API calls or data retrievals that don't align with normal application behavior.
- Monitor for unusual volumes of financial data requests or access to accounts not typically accessed.
- Verify if the API key has been used from unusual geographic locations or IP addresses.
- Review any changes to webhook configurations or notification settings.
Mitigation Instructions:
- Log in to the Finicity Developer Portal at https://developer.finicity.com/.
- Navigate to the API Keys section in your account settings.
- Locate the compromised API key and click "Revoke" or "Delete".
- Generate a new API key to replace the compromised one.
- Update your application configurations with the new API key.
- Consider implementing additional security measures such as IP restrictions for API access.
- Review and update your application's security practices for storing and handling API credentials.
- Monitor for any continued suspicious activity with the new credentials.