TeleSign API Key
Service Name: TeleSign
Service Description: TeleSign is a communications platform as a service (CPaaS) company that provides APIs for user verification, authentication, and fraud prevention through phone numbers, SMS, voice, and more.
Service Address: https://www.telesign.com/
Validation Type: API Auth
IP Allow list: IP whitelisting is available through TeleSign's Enterprise Portal for API access control.
Secret Access Scope: Grants programmatic access to TeleSign's verification, authentication, and communication APIs, allowing sending of SMS messages, voice calls, and verification of phone numbers.
Secret Revokement URL: https://portal.telesign.com/ (Customer Portal)
Secret Example: 12345678-ABCD-1234-ABCD-123456789012
Suspicious Activity Investigation Instructions:
- Review TeleSign portal logs for unusual API calls or high volumes of SMS/voice verification requests.
- Check for unexpected spikes in usage or costs in your TeleSign billing dashboard.
- Monitor for verification attempts from unusual geographic locations.
- Review authentication failures and successful authentications for patterns.
- Check for API calls made outside of normal business hours or operational patterns.
Mitigation Instructions:
- Log in to the TeleSign Enterprise Portal.
- Navigate to the API Keys section.
- Identify the compromised API key.
- Disable or delete the compromised API key.
- Generate a new API key with appropriate permissions.
- Update your applications with the new API key.
- Consider implementing IP restrictions for the new API key.
- Review and update security policies for storing and handling API keys.
- Monitor for any continued unauthorized usage.