GoCardless API Key
Service Name: GoCardless
Service Description: GoCardless is a global payments platform that specializes in bank-to-bank payments, particularly direct debit solutions. It enables businesses to collect recurring and one-off payments directly from customers' bank accounts.
Service Address: https://gocardless.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the GoCardless dashboard for API access.
Secret Access Scope: Grants programmatic access to the GoCardless API, allowing management of payments, customers, mandates, and other payment operations.
Secret Revokement URL: https://manage.gocardless.com/developers/access-tokens
Secret Example: live_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
Suspicious Activity Investigation Instructions:
- Review the GoCardless dashboard for unusual payment activities or new mandates.
- Check API logs for unexpected API calls or access patterns.
- Monitor for unauthorized payment creation or customer data access.
- Review webhook configurations for any unauthorized changes.
- Check for unusual payment frequencies or amounts that differ from normal patterns.
Mitigation Instructions:
-
Log in to the GoCardless dashboard and navigate to the Developer section.
-
Locate the compromised API key in the Access Tokens section.
- Revoke the compromised API key immediately.
- Generate a new API key with appropriate permissions.
- Update your applications with the new API key.
- Review and update IP restrictions for API access if applicable.
- Enable additional security features like two-factor authentication for your
GoCardless account.
- Audit your application code to ensure proper secret management practices.