Skip to content

Postmark API Token

Service Name: Postmark

Service Description: Postmark is a transactional email service that helps businesses send, deliver, and track application emails. It provides reliable email delivery with detailed analytics and bounce handling.

Service Address: https://postmarkapp.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Postmark's security settings.

Secret Access Scope: Grants access to send emails, manage templates, track delivery statistics, and access all Postmark API endpoints for the associated server.

Secret Revokement URL: https://account.postmarkapp.com/servers > Select server > API Tokens > Revoke

Secret Example: 1234abcd-5678-90ef-ghij-klmnopqrstuv

Suspicious Activity Investigation Instructions:

  • Review the Postmark activity log for unusual sending patterns or volume spikes.
  • Check for emails sent to unfamiliar recipients or domains.
  • Monitor for changes in delivery rates or unusual bounce patterns.
  • Review API access logs for unauthorized IP addresses accessing the service.
  • Check for any new email templates or modifications to existing templates.

Mitigation Instructions:

  • Log in to your Postmark account at https://account.postmarkapp.com/.
  • Navigate to the "Servers" section and select the affected server.
  • Go to the "API Tokens" tab.
  • Click "Revoke" next to the compromised token.
  • Generate a new API token to replace the compromised one.
  • Update the token in all legitimate applications that use it.
  • Consider implementing IP restrictions for API access if not already in place.
  • Review and update any webhook configurations to ensure they point to legitimate endpoints.