Skip to content

PayPal Braintree Client ID

Service Name: PayPal Braintree

Service Description: Braintree is a payment processing platform owned by PayPal that allows businesses to accept payments online, in-app, or in person. It provides a complete payment solution with support for credit cards, debit cards, digital wallets, and alternative payment methods.

Service Address: https://www.braintreepayments.com/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to the Braintree payment processing API to process transactions, manage customers, and access merchant account information.

Secret Revokement URL: https://developer.paypal.com/braintree/docs/guides/account/control-panel

Secret Example: A1234567890abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrstuvwxyz1234

Suspicious Activity Investigation Instructions:

  • Review transaction logs in the Braintree Control Panel for unauthorized transactions
  • Check for unusual login activity or API calls from unfamiliar locations
  • Monitor for unexpected changes to payment configurations or account settings
  • Verify webhook endpoints haven't been modified to redirect notifications
  • Look for unusual transaction patterns or volumes that differ from normal business operations

Mitigation Instructions:

  • Immediately rotate the compromised Client ID and Secret in the Braintree Control Panel
  • Navigate to Account > API Keys in the Braintree Control Panel
  • Generate new API credentials and update all applications using the old credentials
  • Review and update IP restrictions if available
  • Audit all webhook endpoints to ensure they point to legitimate destinations
  • Enable additional security features like two-factor authentication for the Braintree account