Skip to content

TeleSign API Secret

Service Name: TeleSign

Service Description: TeleSign is a communications platform as a service (CPaaS) company that provides APIs for phone verification, SMS messaging, voice calls, and user authentication to help businesses prevent fraud and improve customer engagement.

Service Address: https://www.telesign.com/

Validation Type: API Auth

IP Allow list: IP whitelisting is available through TeleSign's Customer Portal for API access control.

Secret Access Scope: Grants programmatic access to TeleSign's communication and verification APIs, allowing sending SMS messages, making voice calls, and verifying phone numbers.

Secret Revokement URL: https://portal.telesign.com/portal/account-settings

Secret Example: 9FjYwt7dYj1kNnrLj0aZXcVbE8sT5pRq

Suspicious Activity Investigation Instructions:

  • Review TeleSign portal logs for unusual API calls or high volumes of verification requests.
  • Check for unexpected spikes in SMS or voice call usage.
  • Monitor for verification attempts from unusual geographic locations.
  • Review authentication logs for failed login attempts to your TeleSign account.
  • Analyze transaction history for unauthorized or suspicious verification activities.

Mitigation Instructions:

  • Log in to the TeleSign Customer Portal immediately.
  • Navigate to Account Settings and revoke the compromised API credentials.
  • Generate new API credentials with appropriate access restrictions.
  • Update IP whitelisting settings to restrict API access to trusted IP addresses only.
  • Enable additional security features like two-factor authentication for the TeleSign portal.
  • Update all applications and services using the old credentials with the newly generated ones.
  • Monitor account activity for several days to ensure no unauthorized access continues.