Skip to content

WePay Token

Service Name: WePay

Service Description: WePay is a payment processing platform that provides payment solutions for platforms and marketplaces, allowing businesses to accept payments online.

Service Address: https://www.wepay.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through WePay's security settings.

Secret Access Scope: Grants access to WePay's payment processing API, allowing for transaction processing, refunds, account management, and access to payment data.

Secret Revokement URL: https://developer.wepay.com/api/api-calls/oauth2

Secret Example: prod_sk_12345678901234567890123456789012

Suspicious Activity Investigation Instructions:

  • Review the WePay dashboard for unusual transaction activity or unauthorized charges
  • Check API logs for unexpected API calls or access from unfamiliar IP addresses
  • Monitor for unusual payment patterns or transaction volumes
  • Review webhook configurations for any unauthorized changes
  • Check for any unauthorized account settings changes

Mitigation Instructions:

  • Immediately revoke the compromised token through the WePay Developer Dashboard

  • Generate a new API token with appropriate permissions

  • Update all applications and services using the old token with the new one
  • Review and update IP restrictions if available
  • Enable additional security features like two-factor authentication for the WePay

account

  • Review application code to ensure tokens are properly secured and not

exposed

  • Consider implementing token rotation policies for regular security maintenance