Skip to content

Mollie Access Token

Service Name: Mollie

Service Description: Mollie is a payment service provider that offers businesses an easy way to accept online payments through various methods including credit cards, PayPal, iDEAL, Bancontact, SOFORT Banking, and more.

Service Address: https://www.mollie.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available through Mollie Dashboard for API access

Secret Access Scope: Grants access to Mollie's payment API, allowing creation and management of payments, customers, subscriptions, and other payment-related operations.

Secret Revokement URL: https://my.mollie.com/dashboard/developers/api-keys

Secret Example: test_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM

Suspicious Activity Investigation Instructions:

  • Review the Mollie Dashboard for unusual payment activities or unauthorized transactions
  • Check API logs for unexpected API calls or access from unfamiliar IP addresses
  • Monitor for changes in payment configurations or webhook settings
  • Review transaction history for unusual patterns or unexpected refunds
  • Check for newly created API keys or access tokens that you don't recognize

Mitigation Instructions:

  • Log in to your Mollie Dashboard at https://my.mollie.com/dashboard/
  • Navigate to Developers > API keys
  • Revoke the compromised API key by clicking on the delete/revoke button
  • Generate a new API key if needed
  • Update your application(s) with the new API key
  • Review and update IP whitelisting settings to restrict access to trusted IP addresses only
  • Enable additional security features like two-factor authentication for your Mollie account
  • Review webhook configurations to ensure they point to legitimate endpoints