Signifyd API Key
Service Name: Signifyd
Service Description: Signifyd is a fraud protection platform that uses machine learning to help e-commerce businesses automate order review and guarantee protection against fraudulent chargebacks.
Service Address: https://www.signifyd.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Signifyd dashboard for API access.
Secret Access Scope: Grants programmatic access to Signifyd's fraud protection API, allowing creation and management of cases, orders, and guarantees.
Secret Revokement URL: https://www.signifyd.com/resources/api/teams/
Secret Example: ZDgzNmQ5YTItYzdjZC00ZGZkLTg2ZTMtZWRjM2ExOTFmMmVj
Suspicious Activity Investigation Instructions:
- Review the Signifyd dashboard for unusual case creation or management activities
- Check API logs for unexpected API calls or access patterns
- Monitor for unusual order processing or guarantee claims
- Look for API calls from unfamiliar IP addresses or locations
- Review any changes to webhook configurations or notification settings
Mitigation Instructions:
- Log in to your Signifyd account dashboard
- Navigate to the Teams section
-
Locate the compromised API key
-
Click "Revoke" to immediately invalidate the key
- Generate a new API key with appropriate permissions
- Update your applications with the new API key
- Consider implementing IP restrictions for API access
- Review and update webhook endpoints if necessary
- Enable additional security features like two-factor authentication for your
Signifyd account