Skip to content

Razorpay API Secret

Service Name: Razorpay

Service Description: Razorpay is a payment gateway service provider that allows businesses to accept, process, and disburse payments online with various payment methods including credit cards, debit cards, net banking, UPI, and popular mobile wallets.

Service Address: https://razorpay.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available at the account level for API requests

Secret Access Scope: Grants programmatic access to Razorpay's payment processing API, allowing creation and management of payments, refunds, settlements, and other payment-related operations.

Secret Revokement URL: https://dashboard.razorpay.com/#/app/keys

Secret Example: rzp_test_1DP5mmOlF5G5ag

Suspicious Activity Investigation Instructions:

  • Review the Razorpay dashboard for unusual transaction patterns or unauthorized payment activities
  • Check API logs for unexpected API calls or access from unfamiliar IP addresses
  • Monitor for unusual refund requests or payment disputes
  • Review webhook configurations for any unauthorized changes
  • Check for any new or modified payment integration settings

Mitigation Instructions:

  • Log in to your Razorpay Dashboard at https://dashboard.razorpay.com/
  • Navigate to Settings > API Keys

  • Identify the compromised key and click "Regenerate" to invalidate the old key

  • Update your applications with the newly generated API key
  • Consider implementing IP whitelisting for API access if not already enabled
  • Review and update webhook endpoints to ensure they point to legitimate URLs
  • Enable additional security features like two-factor authentication for your

Razorpay account