Skip to content

PayPal Braintree Access Token

Service Name: PayPal Braintree

Service Description: Braintree is a payment processing platform owned by PayPal that allows businesses to accept, process, and manage payments online. It provides a secure payment gateway for credit cards, debit cards, digital wallets, and other payment methods.

Service Address: https://www.braintreepayments.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Braintree Control Panel

Secret Access Scope: Grants access to payment processing capabilities, transaction management, customer data, and merchant account information.

Secret Revokement URL: https://developer.paypal.com/braintree/docs/guides/authorization/revoke-access

Secret Example: access_tokenproduction5vhgm7nzk2987jd4$1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p

Suspicious Activity Investigation Instructions:

  • Review transaction history in the Braintree Control Panel for unauthorized transactions
  • Check API logs for unusual access patterns or locations
  • Monitor for unexpected changes to payment configurations or account settings
  • Verify webhook configurations haven't been altered to redirect notifications
  • Review any new payment methods or accounts that have been added recently

Mitigation Instructions:

  • Immediately rotate the compromised access token through the Braintree Control

Panel

  • Generate a new access token with appropriate permissions
  • Update all applications and services using the old token with the new one
  • Review and update IP restrictions if applicable
  • Enable additional security features like two-factor authentication for the

Braintree account

  • Audit user access to ensure only authorized personnel have access to tokens
  • Consider implementing a regular token rotation schedule as a security best

practice