TeleSign API Secret
Service Name: TeleSign
Service Description: TeleSign is a communications platform as a service (CPaaS) company that provides APIs for phone verification, SMS messaging, voice calls, and user authentication to help businesses prevent fraud and improve customer engagement.
Service Address: https://www.telesign.com/
Validation Type: API Auth
IP Allow list: IP whitelisting is available through TeleSign's Customer Portal for API access control.
Secret Access Scope: Grants programmatic access to TeleSign's communication and verification APIs, allowing sending SMS messages, making voice calls, and verifying phone numbers.
Secret Revokement URL: https://portal.telesign.com/portal/account-settings
Secret Example: 9FjYwt7dYj1kNnrLj0aZXcVbE8sT5pRq
Suspicious Activity Investigation Instructions:
- Review TeleSign portal logs for unusual API calls or high volumes of verification requests.
- Check for unexpected spikes in SMS or voice call usage.
- Monitor for verification attempts from unusual geographic locations.
- Review authentication logs for failed login attempts to your TeleSign account.
- Analyze transaction history for unauthorized or suspicious verification activities.
Mitigation Instructions:
- Log in to the TeleSign Customer Portal immediately.
- Navigate to Account Settings and revoke the compromised API credentials.
- Generate new API credentials with appropriate access restrictions.
- Update IP whitelisting settings to restrict API access to trusted IP addresses only.
- Enable additional security features like two-factor authentication for the TeleSign portal.
- Update all applications and services using the old credentials with the newly generated ones.
- Monitor account activity for several days to ensure no unauthorized access continues.