OneSignal App Secret
Service Name: OneSignal
Service Description: OneSignal is a push notification service that enables businesses to send notifications across various platforms including mobile apps, web browsers, and email. It provides tools for customer engagement, retention, and communication.
Service Address: https://onesignal.com/
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but IP restrictions can be configured at the account level through OneSignal's dashboard.
Secret Access Scope: Grants programmatic access to the OneSignal API, allowing management of push notifications, segments, users, and analytics for a specific OneSignal app.
Secret Revokement URL: https://dashboard.onesignal.com/apps/[YOUR_APP_ID]/settings/keys_and_ids
Secret Example: MDFhYmMyZDMtNGVmNS00Njc4LTlkYWItMjNiNGZjZDU2YmVj
Suspicious Activity Investigation Instructions:
- Review the OneSignal dashboard for unusual notification activity or unexpected message sends
- Check delivery reports for notifications you don't recognize
- Monitor API usage logs for unauthorized endpoints or excessive requests
- Verify if there are any new segments or users created without authorization
- Examine notification content for potential malicious messages or phishing attempts
Mitigation Instructions:
- Log in to your OneSignal dashboard at https://dashboard.onesignal.com/
- Navigate to Settings > Keys & IDs for the affected app
- Click "Reset" next to the REST API Key to invalidate the compromised key
- Generate a new API key
- Update all legitimate applications and services with the new API key
- Review and update API access permissions if needed
- Enable additional security features like two-factor authentication for your
OneSignal account
- Audit your notification history to identify any unauthorized messages sent
during the compromise