PayPal Braintree Keys

Description

General

• Documentation: https://graphql.braintreepayments.com/guides/making_api_calls/
• Summary: Braintree is a payment service built by PayPal. It allows customers to create payment pipelines, fraud detection systems and reporting of current operations. These operations can be done through their API. This detector aims at catching credentials used to authenticate requests to the API. These credentials allow to make payments, and get historical data.
• IPs allowlist: IP allowlisting can be setup from the account's API dashboard, in the Security tab.
• Scopes: Credentials are either sandbox or production credentials. This detector aims at catching only production credentials.

Revoke the secret

API keys can be deleted in the API dashboard.

Check for suspicious activity

Last usage of a key is displayed in the API dashboard.

Details for Paypal braintree keys

• Family: Api

• Category: Payment system

• Company: PayPal

• High recall: False

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.01

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^lock$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - paypal
    - braintree

Examples

- text: |
    "braintree": {
      "publicKey": "gz69wf3m5zvydp4x",
      "privateKey": "84a57105677aef32ec2c2341a028242b"
    }
  client_id: 'gz69wf3m5zvydp4x'
  client_secret: '84a57105677aef32ec2c2341a028242b'