Skip to content

Sendinblue API Key

Service Name: Brevo (formerly Sendinblue)

Service Description: Brevo (formerly Sendinblue) is an all-in-one digital marketing platform that offers email marketing, SMS marketing, chat, CRM, and marketing automation tools for businesses of all sizes.

Service Address: https://www.brevo.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Brevo account settings for API access.

Secret Access Scope: Grants programmatic access to Brevo's API services, including sending emails, managing contacts, creating campaigns, and accessing analytics data.

Secret Revokement URL: https://app.brevo.com/settings/keys/api

Secret Example: xkeysib- 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef- AbCdEfGhIj

Suspicious Activity Investigation Instructions:

  • Review the API logs in your Brevo dashboard for unusual activity.
  • Check for unexpected email campaigns or contact list modifications.
  • Monitor for unusual spikes in email sending volume.
  • Verify if there are any unauthorized integrations or applications connected to your account.
  • Review the IP addresses that have been accessing your API.

Mitigation Instructions:

  • Log in to your Brevo account at https://app.brevo.com/.
  • Navigate to Settings > API & Integration > API Keys.
  • Locate the compromised API key and click "Delete" to revoke it.
  • Create a new API key with appropriate permissions.
  • Update your applications and services with the new API key.
  • Consider implementing IP restrictions for your new API key.
  • Review and update password security for your Brevo account.
  • Enable two-factor authentication if available.