Skip to content

Pepipost API Key

Service Name: Pepipost (now part of Netcore Cloud)

Service Description: Pepipost is an email delivery service that helps businesses send transactional and marketing emails. It provides features for email delivery, tracking, and analytics. Pepipost was acquired by Netcore Cloud and is now part of their email delivery solutions.

Service Address: https://pepipost.com/ (redirects to https://netcorecloud.com/email-api/)

Validation Type: API Auth

IP Allow list: IP whitelisting is available at the account level for API access

Secret Access Scope: Grants full access to send emails and access account features through the Pepipost API

Secret Revokement URL: https://app.pepipost.com/settings/integration

Secret Example: 5d3b1c8e9f2a7d6e4b3a2c1d0e9f8a7b6c5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f

Suspicious Activity Investigation Instructions:

  • Review email sending logs in the Pepipost dashboard for unauthorized activity
  • Check for unusual spikes in email volume or sending patterns
  • Monitor for emails sent to unfamiliar recipients or domains
  • Review API access logs for unauthorized IP addresses
  • Check for changes in email templates or sending configurations

Mitigation Instructions:

  • Log in to your Pepipost/Netcore Cloud account
  • Navigate to Settings > Integration

  • Locate the compromised API key and click "Revoke" or "Delete"

  • Generate a new API key with appropriate permissions
  • Update the API key in all legitimate applications
  • Consider implementing IP whitelisting for additional security
  • Review and update email sending policies and rate limits
  • Enable two-factor authentication for your Pepipost account if available