Skip to content

Gusto API Key

Service Name: Gusto

Service Description: Gusto is a cloud-based payroll, benefits, and HR management platform designed for small businesses. It provides services for payroll processing, tax filing, time tracking, benefits administration, and HR compliance.

Service Address: https://gusto.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be implemented at the account level through Gusto's security settings.

Secret Access Scope: Grants programmatic access to Gusto's API, allowing applications to access and manage payroll data, employee information, benefits, and other HR-related functions.

Secret Revokement URL: https://app.gusto.com/settings/api_tokens

Secret Example: gsk_abcdef1234567890abcdef1234567890

Suspicious Activity Investigation Instructions:

  • Review API access logs in the Gusto dashboard for unusual activity.
  • Check for unauthorized API calls or data access patterns.
  • Monitor for changes to employee information, payroll settings, or banking details.
  • Verify if there were any unexpected integrations added to your Gusto account.
  • Review recent payroll runs for unauthorized changes or transactions.

Mitigation Instructions:

  • Log in to your Gusto account and navigate to Settings > API Tokens.
  • Identify the compromised API key and select Revoke to immediately invalidate it.
  • Generate a new API key if needed for legitimate applications.
  • Update any authorized applications with the new API key.
  • Enable additional security features like two-factor authentication for your Gusto account.
  • Review and update access permissions for all users with access to Gusto.
  • Contact Gusto support at support@gusto.com if you suspect any unauthorized transactions have occurred.