Skip to content

Heartland API Key

Service Name: Heartland Payment Systems

Service Description: Heartland Payment Systems is a payment processing company that provides merchants with the ability to accept credit, debit, and prepaid card transactions, as well as payroll services, point-of-sale solutions, and other merchant services.

Service Address: https://www.heartlandpaymentsystems.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured through the Heartland Developer Portal for API access.

Secret Access Scope: Grants access to payment processing APIs, transaction management, customer data, and payment gateway functionality.

Secret Revokement URL: https://developer.heartlandpaymentsystems.com/Account/KeyManagement

Secret Example: skapi_cert_MTyMAQBiHVEAewvIzXVFcmUd2UcyBge_eCpaASUp0A

Suspicious Activity Investigation Instructions:

  • Review transaction logs in the Heartland Merchant Portal for unauthorized transactions.
  • Check API access logs for unusual patterns or access from unexpected locations.
  • Monitor for unexpected refunds, voids, or high-value transactions.
  • Look for changes in transaction volume or frequency that deviate from normal patterns.
  • Verify if any new payment terminals or integration points have been added without authorization.

Mitigation Instructions:

  • Log in to the Heartland Developer Portal.
  • Navigate to Account > API Keys Management.
  • Locate the compromised API key and click "Revoke" or "Delete".
  • Generate a new API key if needed.
  • Update all legitimate applications with the new API key.
  • Review and update IP restrictions for API access.
  • Enable additional security features like velocity controls and fraud monitoring.
  • Contact Heartland Payment Systems support at 1-888-963-3600 to report the compromise.