Skip to content

GoCardless API Key

Service Name: GoCardless

Service Description: GoCardless is a global payments platform that specializes in bank-to-bank payments, particularly direct debit solutions. It enables businesses to collect recurring and one-off payments directly from customers' bank accounts.

Service Address: https://gocardless.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the GoCardless dashboard for API access.

Secret Access Scope: Grants programmatic access to the GoCardless API, allowing management of payments, customers, mandates, and other payment operations.

Secret Revokement URL: https://manage.gocardless.com/developers/access-tokens

Secret Example: live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789

Suspicious Activity Investigation Instructions:

  • Review the GoCardless dashboard for unusual payment activities or new mandates.
  • Check API logs for unexpected API calls or access patterns.
  • Monitor for unauthorized payment creation or customer data access.
  • Review webhook configurations for any unauthorized changes.
  • Check for unusual payment frequencies or amounts that differ from normal patterns.

Mitigation Instructions:

  • Log in to the GoCardless dashboard and navigate to the Developer section.

  • Locate the compromised API key in the Access Tokens section.

  • Revoke the compromised API key immediately.
  • Generate a new API key with appropriate permissions.
  • Update your applications with the new API key.
  • Review and update IP restrictions for API access if applicable.
  • Enable additional security features like two-factor authentication for your

GoCardless account.

  • Audit your application code to ensure proper secret management practices.