Vonage API Key
Service Name: Vonage (formerly Nexmo)
Service Description: Vonage is a cloud communications platform that provides APIs for voice, messaging, and video communication capabilities, allowing developers to integrate these features into their applications.
Service Address: https://www.vonage.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through the Vonage Dashboard.
Secret Access Scope: Grants access to Vonage communication APIs including SMS, voice calls, verification, and other communication services.
Secret Revokement URL: https://dashboard.nexmo.com/settings
Secret Example: a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Review the Vonage Dashboard for unusual API usage patterns or spikes in activity.
- Check API logs for calls from unexpected geographic locations or IP addresses.
- Monitor for unusual message volumes or destinations that don't align with expected business patterns.
- Review billing information for unexpected charges that might indicate unauthorized use.
- Check for any changes to API settings or webhooks that weren't authorized.
Mitigation Instructions:
-
Log in to the Vonage Dashboard at https://dashboard.nexmo.com/
-
Navigate to Settings > API Settings
- Revoke the compromised API key by clicking "Revoke" next to it
- Generate a new API key by clicking "Add new API key"
- Update all applications and services to use the new API key
- Consider implementing IP restrictions for the new API key
- Review and update webhook URLs to ensure they point to legitimate endpoints
- Enable additional security features like signing secret for webhooks if available