Skip to content

YouSign API Key

Service Name: YouSign

Service Description: YouSign is an electronic signature platform that allows businesses to create, send, and sign legally binding documents online. It provides secure digital signature solutions for various industries.

Service Address: https://yousign.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured in the YouSign dashboard for API access.

Secret Access Scope: Grants programmatic access to YouSign's API, allowing for document creation, signature requests, user management, and other operations related to electronic signatures.

Secret Revokement URL: https://yousign.com/en-eu/api/settings

Secret Example: ys_prod_eu_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG

Suspicious Activity Investigation Instructions:

  • Review the YouSign activity logs for unusual document creation or signature requests.
  • Check for unexpected API calls or access from unfamiliar IP addresses.
  • Monitor for unauthorized user additions or modifications to existing documents.
  • Examine the timestamp and frequency of API calls to identify potential abuse patterns.
  • Verify if documents were created or signed outside of normal business hours.

Mitigation Instructions:

  • Log in to your YouSign account and navigate to the API settings.
  • Revoke the compromised API key immediately.
  • Generate a new API key with appropriate permissions.
  • Update all applications and services that use the YouSign API with the new key.
  • Consider implementing IP restrictions for API access if not already in place.
  • Review and update access control policies to enforce the Principle of Least Privilege.
  • Enable additional security features such as two-factor authentication for account access.
  • Monitor API usage for a period after the incident to ensure no unauthorized access persists.