Mollie Access Token
Service Name: Mollie
Service Description: Mollie is a payment service provider that offers businesses an easy way to accept online payments through various methods including credit cards, PayPal, iDEAL, Bancontact, SOFORT Banking, and more.
Service Address: https://www.mollie.com/
Validation Type: API Auth
IP Allow list: IP whitelisting is available through Mollie Dashboard for API access
Secret Access Scope: Grants access to Mollie's payment API, allowing creation and management of payments, customers, subscriptions, and other payment-related operations.
Secret Revokement URL: https://my.mollie.com/dashboard/developers/api-keys
Secret Example: test_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM
Suspicious Activity Investigation Instructions:
- Review the Mollie Dashboard for unusual payment activities or unauthorized transactions
- Check API logs for unexpected API calls or access from unfamiliar IP addresses
- Monitor for changes in payment configurations or webhook settings
- Review transaction history for unusual patterns or unexpected refunds
- Check for newly created API keys or access tokens that you don't recognize
Mitigation Instructions:
- Log in to your Mollie Dashboard at https://my.mollie.com/dashboard/
- Navigate to Developers > API keys
- Revoke the compromised API key by clicking on the delete/revoke button
- Generate a new API key if needed
- Update your application(s) with the new API key
- Review and update IP whitelisting settings to restrict access to trusted IP addresses only
- Enable additional security features like two-factor authentication for your Mollie account
- Review webhook configurations to ensure they point to legitimate endpoints