Skip to content

Paystack API Key

Service Name: Paystack

Service Description: Paystack is a payment processing platform that helps businesses in Africa accept payments from customers around the world. It provides tools for online and in-person payments, recurring billing, and payment management.

Service Address: https://paystack.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available at the account level for API requests

Secret Access Scope: Grants access to Paystack's API for processing payments, managing customers, subscriptions, and accessing transaction data.

Secret Revokement URL: https://dashboard.paystack.com/#/settings/developer

Secret Example: sk_test_51a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p7q8r9s0t

Suspicious Activity Investigation Instructions:

  • Review the Paystack dashboard for unauthorized transactions or unusual payment activity
  • Check API logs for unexpected API calls or access from unfamiliar IP addresses
  • Monitor for changes in payment routing or unusual transaction patterns
  • Review webhook configurations for unauthorized changes
  • Check for unexpected customer or subscription creations

Mitigation Instructions:

  • Log in to your Paystack dashboard at https://dashboard.paystack.com/
  • Navigate to Settings > API Keys & Webhooks
  • Revoke the compromised API key by clicking the "Revoke" button next to it

  • Generate a new API key to replace the compromised one

  • Update all legitimate applications and services with the new API key
  • Review and update IP whitelisting settings if applicable
  • Enable additional security features like two-factor authentication for your

Paystack account

  • Review and update webhook endpoints to ensure they're pointing to legitimate

destinations