Urban Airship App Key
Service Name: Airship (formerly Urban Airship)
Service Description: Airship is a customer engagement platform that provides mobile app messaging, push notifications, email, SMS, and other customer communication services. It helps businesses create personalized customer experiences across multiple channels.
Service Address: https://www.airship.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Airship's security settings.
Secret Access Scope: Grants access to send push notifications, manage app groups, access analytics, and perform other operations within the Airship platform for a specific application.
Secret Revokement URL: https://docs.airship.com/api/ua/#section/Authentication/App-Key-Auth
Secret Example: abcd1234efgh5678ijkl9012mnop3456
Suspicious Activity Investigation Instructions:
- Review Airship dashboard for unusual message sends or campaign activities
- Check API logs for unexpected API calls or access patterns
- Monitor for unusual spikes in notification volume or engagement metrics
- Review recent configuration changes to channels, segments, or templates
- Examine IP addresses that have recently accessed the account
Mitigation Instructions:
-
Log in to your Airship account dashboard
-
Navigate to Settings > API & Integrations
- Locate the compromised app key
- Click "Revoke" or "Delete" to invalidate the key
- Generate a new app key if needed
- Update all legitimate applications and services with the new key
- Review and update security settings, including IP restrictions if available
- Consider enabling additional authentication methods like OAuth if available