YouSign API Key
Service Name: YouSign
Service Description: YouSign is an electronic signature platform that allows businesses to create, send, and sign legally binding documents online. It provides secure digital signature solutions for various industries.
Service Address: https://yousign.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the YouSign dashboard for API access.
Secret Access Scope: Grants programmatic access to YouSign's API, allowing for document creation, signature requests, user management, and other operations related to electronic signatures.
Secret Revokement URL: https://yousign.com/en-eu/api/settings
Secret Example: ys_prod_eu_abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG
Suspicious Activity Investigation Instructions:
- Review the YouSign activity logs for unusual document creation or signature requests.
- Check for unexpected API calls or access from unfamiliar IP addresses.
- Monitor for unauthorized user additions or modifications to existing documents.
- Examine the timestamp and frequency of API calls to identify potential abuse patterns.
- Verify if documents were created or signed outside of normal business hours.
Mitigation Instructions:
- Log in to your YouSign account and navigate to the API settings.
- Revoke the compromised API key immediately.
- Generate a new API key with appropriate permissions.
- Update all applications and services that use the YouSign API with the new key.
- Consider implementing IP restrictions for API access if not already in place.
- Review and update access control policies to enforce the Principle of Least Privilege.
- Enable additional security features such as two-factor authentication for account access.
- Monitor API usage for a period after the incident to ensure no unauthorized access persists.