Postmark API Token
Service Name: Postmark
Service Description: Postmark is a transactional email service that helps businesses send, deliver, and track application emails. It provides reliable email delivery with detailed analytics and bounce handling.
Service Address: https://postmarkapp.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Postmark's security settings.
Secret Access Scope: Grants access to send emails, manage templates, track delivery statistics, and access all Postmark API endpoints for the associated server.
Secret Revokement URL: https://account.postmarkapp.com/servers > Select server > API Tokens > Revoke
Secret Example: 1234abcd-5678-90ef-ghij-klmnopqrstuv
Suspicious Activity Investigation Instructions:
- Review the Postmark activity log for unusual sending patterns or volume spikes.
- Check for emails sent to unfamiliar recipients or domains.
- Monitor for changes in delivery rates or unusual bounce patterns.
- Review API access logs for unauthorized IP addresses accessing the service.
- Check for any new email templates or modifications to existing templates.
Mitigation Instructions:
- Log in to your Postmark account at https://account.postmarkapp.com/.
- Navigate to the "Servers" section and select the affected server.
- Go to the "API Tokens" tab.
- Click "Revoke" next to the compromised token.
- Generate a new API token to replace the compromised one.
- Update the token in all legitimate applications that use it.
- Consider implementing IP restrictions for API access if not already in place.
- Review and update any webhook configurations to ensure they point to legitimate endpoints.