WePay Token
Service Name: WePay
Service Description: WePay is a payment processing platform that provides payment solutions for platforms and marketplaces, allowing businesses to accept payments online.
Service Address: https://www.wepay.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through WePay's security settings.
Secret Access Scope: Grants access to WePay's payment processing API, allowing for transaction processing, refunds, account management, and access to payment data.
Secret Revokement URL: https://developer.wepay.com/api/api-calls/oauth2
Secret Example: prod_sk_12345678901234567890123456789012
Suspicious Activity Investigation Instructions:
- Review the WePay dashboard for unusual transaction activity or unauthorized charges
- Check API logs for unexpected API calls or access from unfamiliar IP addresses
- Monitor for unusual payment patterns or transaction volumes
- Review webhook configurations for any unauthorized changes
- Check for any unauthorized account settings changes
Mitigation Instructions:
-
Immediately revoke the compromised token through the WePay Developer Dashboard
-
Generate a new API token with appropriate permissions
- Update all applications and services using the old token with the new one
- Review and update IP restrictions if available
- Enable additional security features like two-factor authentication for the WePay
account
- Review application code to ensure tokens are properly secured and not
exposed
- Consider implementing token rotation policies for regular security maintenance