Skip to content

Urban Airship Master Secret

Service Name: Urban Airship (now Airship)

Service Description: Airship (formerly Urban Airship) is a customer engagement platform that helps brands create personalized mobile app experiences through push notifications, in-app messaging, SMS, email, and other channels.

Service Address: https://www.airship.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Airship's security settings.

Secret Access Scope: The master secret grants administrative access to an Airship application, allowing management of push notifications, audience segments, message templates, and analytics data.

Secret Revokement URL: https://docs.airship.com/api/ua/#operation/api_keys_create

Secret Example: uams_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789

Suspicious Activity Investigation Instructions:

  • Review the Airship dashboard for unusual push notification campaigns or message sends
  • Check for unexpected changes to audience segments or message templates
  • Monitor API usage logs for unusual patterns or high volumes of requests
  • Verify if any new API keys or access tokens have been created
  • Examine notification delivery statistics for anomalies in delivery patterns

Mitigation Instructions:

  • Log in to the Airship dashboard and navigate to Settings > API & Integrations

  • Locate the compromised master secret and click "Revoke"

  • Generate a new master secret through the dashboard
  • Update all legitimate applications and services with the new master secret
  • Review and update IP restrictions for API access if available
  • Enable two-factor authentication for all administrator accounts
  • Audit all user accounts with access to the Airship dashboard and remove

unnecessary access

  • Monitor for any continued unauthorized activity using the new credentials