PayPal API Key
Service Name: PayPal Braintree
Service Description: PayPal Braintree is a payment processing platform that allows businesses to accept, process, and split payments across multiple payment methods including credit cards, debit cards, digital wallets, and PayPal.
Service Address: https://www.braintreepayments.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the Braintree Control Panel.
Secret Access Scope: Grants access to payment processing capabilities, transaction management, customer data, and financial reporting within the Braintree platform.
Secret Revokement URL: https://developer.paypal.com/braintree/docs/guides/control-panel/settings/api-keys
Secret Example: access_token$sandbox$abcdefghijklmnopqrstuvwxyz0123$4567890123456789012345
Suspicious Activity Investigation Instructions:
- Review the Braintree Control Panel for unauthorized transactions or suspicious payment activities.
- Check the transaction history for unusual payment patterns or unexpected transaction volumes.
- Monitor for unauthorized API calls or access attempts from unfamiliar locations.
- Examine webhook configurations for any unauthorized changes.
- Review any changes to payment methods, merchant accounts, or payment flows.
Mitigation Instructions:
- Log in to the Braintree Control Panel at https://www.braintreegateway.com/login.
- Navigate to Account > API Keys.
- Rotate the compromised API key by generating a new one.
- Update all applications and services using the old API key with the new credentials.
- Review and update IP restrictions if applicable.
- Enable additional security measures such as two-factor authentication for the account.
- Audit all integrations to ensure they follow security best practices.
- Contact Braintree Support if you suspect fraudulent activity.