Skip to content

Pushbullet API Key

Service Name: Pushbullet

Service Description: Pushbullet is a service that bridges the gap between your devices, enabling you to send notifications, links, files, and more between your devices and with friends. It allows for seamless communication between phones, tablets, and computers.

Service Address: https://www.pushbullet.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants full access to a user's Pushbullet account, including the ability to send and receive notifications, access contacts, and manage devices.

Secret Revokement URL: https://www.pushbullet.com/#settings/account

Secret Example: o.XdcsABC123DEFghiJKLmnoPQR

Suspicious Activity Investigation Instructions:

  • Check the Pushbullet account for unauthorized devices or connections.
  • Review recent activity for unexpected pushes or notifications.
  • Monitor for unusual API calls or data transfers between devices.
  • Check if any unauthorized applications have been granted access to your Pushbullet account.
  • Review the access logs if available through the Pushbullet dashboard.

Mitigation Instructions:

  • Log in to your Pushbullet account at https://www.pushbullet.com/.
  • Navigate to Settings > Account.
  • Scroll down to the Access Tokens section.
  • Click "Revoke" next to the compromised API key.
  • Generate a new API key if needed for legitimate applications.
  • Review and revoke access for any suspicious OAuth applications.
  • Enable two-factor authentication if available.
  • Update your Pushbullet account password.