Pendo Integration Key
Service Name: Pendo
Service Description: Pendo is a product analytics and digital adoption platform that helps software companies build better products through behavioral analytics, user feedback, and guided walkthroughs.
Service Address: https://www.pendo.io/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Pendo's API for integrating with the Pendo platform, allowing data collection, analytics retrieval, and feature management.
Secret Revokement URL: https://support.pendo.io/hc/en-us/articles/360031862232-API-Keys
Secret Example: 5e8d3a1f-c4b2-4e9d-8a7b-9c6d3e2f1a0b
Suspicious Activity Investigation Instructions:
- Review Pendo audit logs for unusual API calls or data access patterns
- Check for unexpected integrations or data exports from your Pendo account
- Monitor for unauthorized feature changes or guide modifications
- Examine any unusual spikes in API usage or data collection
- Verify if there are any new users or permissions changes in your Pendo account
Mitigation Instructions:
- Log in to your Pendo account and navigate to Settings
- Go to the Integrations or API Keys section
-
Locate the compromised API key and click to revoke/delete it
-
Generate a new API key with appropriate permissions
- Update the key in all legitimate integrations and applications
- Consider implementing IP restrictions at the application level if possible
- Review and adjust user permissions to ensure proper access controls
- Enable audit logging and monitoring for your Pendo account