Skip to content

PayPal API Key

Service Name: PayPal Braintree

Service Description: PayPal Braintree is a payment processing platform that allows businesses to accept, process, and split payments across multiple payment methods including credit cards, debit cards, digital wallets, and PayPal.

Service Address: https://www.braintreepayments.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through the Braintree Control Panel.

Secret Access Scope: Grants access to payment processing capabilities, transaction management, customer data, and financial reporting within the Braintree platform.

Secret Revokement URL: https://developer.paypal.com/braintree/docs/guides/control-panel/settings/api-keys

Secret Example: access_token$sandbox$abcdefghijklmnopqrstuvwxyz0123$4567890123456789012345

Suspicious Activity Investigation Instructions:

  • Review the Braintree Control Panel for unauthorized transactions or suspicious payment activities.
  • Check the transaction history for unusual payment patterns or unexpected transaction volumes.
  • Monitor for unauthorized API calls or access attempts from unfamiliar locations.
  • Examine webhook configurations for any unauthorized changes.
  • Review any changes to payment methods, merchant accounts, or payment flows.

Mitigation Instructions:

  • Log in to the Braintree Control Panel at https://www.braintreegateway.com/login.
  • Navigate to Account > API Keys.
  • Rotate the compromised API key by generating a new one.
  • Update all applications and services using the old API key with the new credentials.
  • Review and update IP restrictions if applicable.
  • Enable additional security measures such as two-factor authentication for the account.
  • Audit all integrations to ensure they follow security best practices.
  • Contact Braintree Support if you suspect fraudulent activity.