Skip to content

App Center API Token

Service Name: Microsoft App Center

Service Description: Microsoft App Center is a mobile app development platform that provides services for building, testing, releasing, and monitoring mobile apps. It supports iOS, Android, Windows, and macOS apps, offering features like automated builds, UI testing, distribution to testers and app stores, crash reporting, analytics, and push notifications.

Service Address: https://appcenter.ms/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants programmatic access to App Center resources and services, including app management, build configurations, test runs, analytics data, and distribution groups.

Secret Revokement URL: https://appcenter.ms/settings/apitokens

Secret Example: c1e5414a9e0b4a8b8f5414a9e0bfa8b8

Suspicious Activity Investigation Instructions:

  • Review App Center activity logs for unusual API calls or resource access
  • Check for unauthorized app builds or distributions
  • Monitor for changes to app configurations or test environments
  • Look for unusual patterns in API usage or access times
  • Verify if any new users have been added to your organization
  • Check for unexpected changes to distribution groups or test devices

Mitigation Instructions:

  • Log in to App Center at https://appcenter.ms/

  • Navigate to your account settings by clicking on your profile picture in the top

right

  • Select "Account Settings"
  • Click on the "API Tokens" tab
  • Locate the compromised token in the list
  • Click the "Delete" button next to the token
  • Confirm the deletion
  • Create a new API token with appropriate permissions if needed
  • Update any legitimate applications or services that were using the old token