Gusto API Key
Service Name: Gusto
Service Description: Gusto is a cloud-based payroll, benefits, and HR management platform designed for small businesses. It provides services for payroll processing, tax filing, time tracking, benefits administration, and HR compliance.
Service Address: https://gusto.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be implemented at the account level through Gusto's security settings.
Secret Access Scope: Grants programmatic access to Gusto's API, allowing applications to access and manage payroll data, employee information, benefits, and other HR-related functions.
Secret Revokement URL: https://app.gusto.com/settings/api_tokens
Secret Example: gsk_abcdef1234567890abcdef1234567890
Suspicious Activity Investigation Instructions:
- Review API access logs in the Gusto dashboard for unusual activity.
- Check for unauthorized API calls or data access patterns.
- Monitor for changes to employee information, payroll settings, or banking details.
- Verify if there were any unexpected integrations added to your Gusto account.
- Review recent payroll runs for unauthorized changes or transactions.
Mitigation Instructions:
- Log in to your Gusto account and navigate to Settings > API Tokens.
- Identify the compromised API key and select Revoke to immediately invalidate it.
- Generate a new API key if needed for legitimate applications.
- Update any authorized applications with the new API key.
- Enable additional security features like two-factor authentication for your Gusto account.
- Review and update access permissions for all users with access to Gusto.
- Contact Gusto support at support@gusto.com if you suspect any unauthorized transactions have occurred.