Plivo Auth ID
Service Name: Plivo
Service Description: Plivo is a cloud communications platform that enables businesses to integrate voice, SMS, and other communication capabilities into their applications through APIs.
Service Address: https://www.plivo.com/
Validation Type: API Auth
IP Allow list: IP whitelisting is available at the account level through Plivo's security settings.
Secret Access Scope: Grants access to Plivo's communication APIs, allowing sending/receiving SMS messages, making/receiving voice calls, and managing communication resources.
Secret Revokement URL: https://console.plivo.com/dashboard/settings/security/
Secret Example: MAODHJMMFKYZJLNZG3OD
Suspicious Activity Investigation Instructions:
- Review Plivo dashboard logs for unusual API calls or communication activities
- Check for unexpected SMS or voice call volumes that could indicate unauthorized usage
- Monitor for changes in account settings or API configurations
- Review billing information for unexpected charges or usage spikes
- Examine IP addresses that have accessed the account for unfamiliar locations
Mitigation Instructions:
- Log in to the Plivo Console at https://console.plivo.com/
-
Navigate to Settings > API Credentials
-
Regenerate the Auth ID and Auth Token pair
- Update the new credentials in all legitimate applications
- Enable IP whitelisting in the security settings to restrict access
- Enable two-factor authentication for the Plivo account
- Review and update webhook URLs to ensure they point to legitimate endpoints
- Consider implementing additional monitoring for API usage patterns