Skip to content

Pendo Integration Key

Service Name: Pendo

Service Description: Pendo is a product analytics and digital adoption platform that helps software companies build better products through behavioral analytics, user feedback, and guided walkthroughs.

Service Address: https://www.pendo.io/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to Pendo's API for integrating with the Pendo platform, allowing data collection, analytics retrieval, and feature management.

Secret Revokement URL: https://support.pendo.io/hc/en-us/articles/360031862232-API-Keys

Secret Example: 5e8d3a1f-c4b2-4e9d-8a7b-9c6d3e2f1a0b

Suspicious Activity Investigation Instructions:

  • Review Pendo audit logs for unusual API calls or data access patterns
  • Check for unexpected integrations or data exports from your Pendo account
  • Monitor for unauthorized feature changes or guide modifications
  • Examine any unusual spikes in API usage or data collection
  • Verify if there are any new users or permissions changes in your Pendo account

Mitigation Instructions:

  • Log in to your Pendo account and navigate to Settings
  • Go to the Integrations or API Keys section
  • Locate the compromised API key and click to revoke/delete it

  • Generate a new API key with appropriate permissions

  • Update the key in all legitimate integrations and applications
  • Consider implementing IP restrictions at the application level if possible
  • Review and adjust user permissions to ensure proper access controls
  • Enable audit logging and monitoring for your Pendo account