Skip to content

Signifyd API Key

Service Name: Signifyd

Service Description: Signifyd is a fraud protection platform that uses machine learning to help e-commerce businesses automate order review and guarantee protection against fraudulent chargebacks.

Service Address: https://www.signifyd.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the Signifyd dashboard for API access.

Secret Access Scope: Grants programmatic access to Signifyd's fraud protection API, allowing creation and management of cases, orders, and guarantees.

Secret Revokement URL: https://www.signifyd.com/resources/api/teams/

Secret Example: ZDgzNmQ5YTItYzdjZC00ZGZkLTg2ZTMtZWRjM2ExOTFmMmVj

Suspicious Activity Investigation Instructions:

  • Review the Signifyd dashboard for unusual case creation or management activities
  • Check API logs for unexpected API calls or access patterns
  • Monitor for unusual order processing or guarantee claims
  • Look for API calls from unfamiliar IP addresses or locations
  • Review any changes to webhook configurations or notification settings

Mitigation Instructions:

  • Log in to your Signifyd account dashboard
  • Navigate to the Teams section
  • Locate the compromised API key

  • Click "Revoke" to immediately invalidate the key

  • Generate a new API key with appropriate permissions
  • Update your applications with the new API key
  • Consider implementing IP restrictions for API access
  • Review and update webhook endpoints if necessary
  • Enable additional security features like two-factor authentication for your

Signifyd account