Skip to main content

PayPal Braintree Keys



  • Documentation:
  • Summary: Braintree is a payment service built by PayPal. It allows customers to create payment pipelines, fraud detection systems and reporting of current operations. These operations can be done through their API. This detector aims at catching credentials used to authenticate requests to the API. These credentials allow to make payments, and get historical data.
  • IPs allowlist: IP allowlisting can be setup from the account's API dashboard, in the Security tab.
  • Scopes: Credentials are either sandbox or production credentials. This detector aims at catching only production credentials.

Revoke the secret#

API keys can be deleted in the API dashboard.

Check for suspicious activity#

Last usage of a key is displayed in the API dashboard.

Details for Paypal braintree keys#

  • Family: Api

  • Category: Payment system

  • Company: PayPal

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.17

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^lock$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: false  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - paypal  - braintree


- text: |    "braintree": {      "publicKey": "gz69wf3m5zvydp4x",      "privateKey": "84a57105677aef32ec2c2341a028242b"    }  client_id: "gz69wf3m5zvydp4x"  client_secret: "84a57105677aef32ec2c2341a028242b"