Skip to content

Urban Airship App Key

Service Name: Airship (formerly Urban Airship)

Service Description: Airship is a customer engagement platform that provides mobile app messaging, push notifications, email, SMS, and other customer communication services. It helps businesses create personalized customer experiences across multiple channels.

Service Address: https://www.airship.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Airship's security settings.

Secret Access Scope: Grants access to send push notifications, manage app groups, access analytics, and perform other operations within the Airship platform for a specific application.

Secret Revokement URL: https://docs.airship.com/api/ua/#section/Authentication/App-Key-Auth

Secret Example: abcd1234efgh5678ijkl9012mnop3456

Suspicious Activity Investigation Instructions:

  • Review Airship dashboard for unusual message sends or campaign activities
  • Check API logs for unexpected API calls or access patterns
  • Monitor for unusual spikes in notification volume or engagement metrics
  • Review recent configuration changes to channels, segments, or templates
  • Examine IP addresses that have recently accessed the account

Mitigation Instructions:

  • Log in to your Airship account dashboard

  • Navigate to Settings > API & Integrations

  • Locate the compromised app key
  • Click "Revoke" or "Delete" to invalidate the key
  • Generate a new app key if needed
  • Update all legitimate applications and services with the new key
  • Review and update security settings, including IP restrictions if available
  • Consider enabling additional authentication methods like OAuth if available