Skip to content

Nexmo API Key

Service Name: Vonage (formerly Nexmo)

Service Description: Vonage (formerly Nexmo) is a cloud communications platform that provides APIs for voice, messaging, and verification services, allowing developers to integrate communication features into their applications.

Service Address: https://www.vonage.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through the Vonage Dashboard.

Secret Access Scope: Grants access to Vonage API services including SMS, voice calls, verification, and other communication APIs.

Secret Revokement URL: https://dashboard.nexmo.com/settings

Secret Example: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Suspicious Activity Investigation Instructions:

  • Review the Vonage Dashboard for unusual API usage patterns or spikes in activity.
  • Check API logs for calls from unexpected IP addresses or locations.
  • Monitor for unusual message volumes or destinations that don't align with expected business patterns.
  • Review billing information for unexpected charges that might indicate unauthorized use.
  • Check for any changes to API settings or webhooks that weren't authorized.

Mitigation Instructions:

  • Log in to the Vonage Dashboard at https://dashboard.nexmo.com/

  • Navigate to Settings > API Settings

  • Revoke the compromised API key by clicking "Revoke" next to it
  • Generate a new API key by clicking "Add new API key"
  • Update all applications and services with the new API key
  • Consider implementing IP restrictions for the new API key
  • Review and update webhook URLs to ensure they point to secure endpoints
  • Enable additional security features like signing secret for webhooks if available