Anything that comes the .com in the root domain usually indicates a different website entirely. If the URL has extra characters or strange extensions, close the tab immediately.
auth-us.surveymonkey.com is not a malicious trick or a hacking attempt. It is a sophisticated, secure authentication gateway that protects your account, your survey data, and your respondents' privacy. By separating login from content delivery, SurveyMonkey adheres to cybersecurity best practices. auth-us.surveymonkey.com
sequenceDiagram participant Client as Third‑party App participant Auth as auth-us.surveymonkey.com participant API as api.surveymonkey.com Client->>Auth: GET /oauth/authorize?client_id=...&redirect_uri=... Auth->>User: Login & consent prompt User->>Auth: Credentials + consent Auth->>Client: Redirect with ?code=... Client->>Auth: POST /oauth/token (code + client_secret) Auth-->>Client: access_token + refresh_token Client->>API: GET /v3/surveys (Bearer token) Anything that comes the
Educate your employees that a real SurveyMonkey login always occurs at a URL ending with surveymonkey.com . Train them to report any login page that uses survey-monkey.com , surveymonkey-auth.com , or any variation that lacks the exact auth-us.surveymonkey.com structure. It is a sophisticated, secure authentication gateway that
This appears when an OAuth request attempts to redirect to an unauthorized callback URL. It usually indicates a misconfigured third-party app or a manual attempt to manipulate the login URL.