Skip to main content

PayPal Braintree Keys

Description#

General#

  • Documentation: https://graphql.braintreepayments.com/guides/making_api_calls/
  • Summary: Braintree is a payment service built by PayPal. It allows customers to create payment pipelines, fraud detection systems and reporting of current operations. These operations can be done through their API. This detector aims at catching credentials used to authenticate requests to the API. These credentials allow to make payments, and get historical data.
  • IPs allowlist: IP allowlisting can be setup from the account's API dashboard, in the Security tab.
  • Scopes: Credentials are either sandbox or production credentials. This detector aims at catching only production credentials.

Revoke the secret#

API keys can be deleted in the API dahsboard.

Check for suspicious activity#

Last usage of a key is displayed in the API dashboard.

Details for Paypal braintree keys#

  • Category: Payment system

  • Company: PayPal

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.05

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - lock  - storyboard  - xib  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - paypal  - braintree

Examples#

- text: >    "braintree": {      "publicKey": "gz69wf3m5zvydp4x",      "privateKey": "84a57105677aef32ec2c2341a028242b"    }  client_id: "gz69wf3m5zvydp4x"  client_secret: "84a57105677aef32ec2c2341a028242b"