Payoneer API Key
Service Name: Payoneer
Service Description: Payoneer is a financial services company that provides online money transfer, digital payment services, and working capital to businesses and professionals. It enables businesses to pay and get paid globally as easily as they do locally.
Service Address: https://www.payoneer.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Payoneer API settings for enhanced security.
Secret Access Scope: Grants programmatic access to Payoneer's API services, allowing integration with payment systems, account management, transaction processing, and reporting features.
Secret Revokement URL: https://developer.payoneer.com/docs/authentication.html#revoking-access-tokens
Secret Example: pay_1a2b3c4d5e6f7g8h9i0j
Suspicious Activity Investigation Instructions:
- Review API logs for unusual transaction patterns or unauthorized access attempts
- Check for API calls from unfamiliar IP addresses or locations
- Monitor for unexpected payment transactions or account changes
- Verify recent API integration changes or new applications using the API key
- Examine transaction history for anomalies in payment amounts or frequencies
Mitigation Instructions:
- Log in to your Payoneer account and navigate to the Developer/API section
- Locate the compromised API key in your list of active keys
- Revoke or delete the compromised API key immediately
- Generate a new API key with appropriate permissions
- Update all legitimate applications and services with the new API key
- Implement IP restrictions for the new API key if possible
- Review and update security settings for your Payoneer account
- Enable additional security features such as two-factor authentication
- Monitor account activity closely for several days after the incident