SendGrid API Key
Service Name: SendGrid
Service Description: SendGrid is a cloud-based email delivery service that assists businesses with email delivery, primarily for marketing and transactional emails. It provides reliable email delivery, scalability, and real-time analytics.
Service Address: https://sendgrid.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through SendGrid's IP Access Management feature.
Secret Access Scope: Grants programmatic access to SendGrid's email delivery services, including sending emails, managing templates, and accessing analytics.
Secret Revokement URL: https://app.sendgrid.com/settings/api_keys
Secret Example: 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
Suspicious Activity Investigation Instructions:
- Review the SendGrid Activity Feed for unusual email sending patterns or volumes.
- Check for unauthorized template modifications or new templates created.
- Monitor for changes in email delivery statistics or unusual bounce rates.
- Review API request logs for unauthorized access or unusual API calls.
- Check for any changes to sender authentication settings.
Mitigation Instructions:
- Log in to your SendGrid account at https://app.sendgrid.com/.
- Navigate to Settings > API Keys in the left sidebar.
- Locate the compromised API key in the list.
- Click the trash icon next to the key to delete it.
- Create a new API key with appropriate permissions to replace the compromised one.
- Update all legitimate applications and services to use the new API key.
- Consider implementing IP access restrictions for your new API key.
- Review and update your security practices for storing and handling API keys.