Skip to content

TeleSign API Key

Service Name: TeleSign

Service Description: TeleSign is a communications platform as a service (CPaaS) company that provides APIs for user verification, authentication, and fraud prevention through phone numbers, SMS, voice, and more.

Service Address: https://www.telesign.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available through TeleSign's Enterprise Portal for API access control.

Secret Access Scope: Grants programmatic access to TeleSign's verification, authentication, and communication APIs, allowing sending of SMS messages, voice calls, and verification of phone numbers.

Secret Revokement URL: https://portal.telesign.com/ (Customer Portal)

Secret Example: 12345678-ABCD-1234-ABCD-123456789012

Suspicious Activity Investigation Instructions:

  • Review TeleSign portal logs for unusual API calls or high volumes of SMS/voice verification requests.
  • Check for unexpected spikes in usage or costs in your TeleSign billing dashboard.
  • Monitor for verification attempts from unusual geographic locations.
  • Review authentication failures and successful authentications for patterns.
  • Check for API calls made outside of normal business hours or operational patterns.

Mitigation Instructions:

  • Log in to the TeleSign Enterprise Portal.
  • Navigate to the API Keys section.
  • Identify the compromised API key.
  • Disable or delete the compromised API key.
  • Generate a new API key with appropriate permissions.
  • Update your applications with the new API key.
  • Consider implementing IP restrictions for the new API key.
  • Review and update security policies for storing and handling API keys.
  • Monitor for any continued unauthorized usage.