PayPal Braintree Client ID
Service Name: PayPal Braintree
Service Description: Braintree is a payment processing platform owned by PayPal that allows businesses to accept payments online, in-app, or in person. It provides a complete payment solution with support for credit cards, debit cards, digital wallets, and alternative payment methods.
Service Address: https://www.braintreepayments.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to the Braintree payment processing API to process transactions, manage customers, and access merchant account information.
Secret Revokement URL: https://developer.paypal.com/braintree/docs/guides/account/control-panel
Secret Example: A1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234
Suspicious Activity Investigation Instructions:
- Review transaction logs in the Braintree Control Panel for unauthorized transactions
- Check for unusual login activity or API calls from unfamiliar locations
- Monitor for unexpected changes to payment configurations or account settings
- Verify webhook endpoints haven't been modified to redirect notifications
- Look for unusual transaction patterns or volumes that differ from normal business operations
Mitigation Instructions:
- Immediately rotate the compromised Client ID and Secret in the Braintree Control Panel
- Navigate to Account > API Keys in the Braintree Control Panel
- Generate new API credentials and update all applications using the old credentials
- Review and update IP restrictions if available
- Audit all webhook endpoints to ensure they point to legitimate destinations
- Enable additional security features like two-factor authentication for the Braintree account