ClickUp API Token
Service Name: ClickUp
Service Description: ClickUp is a cloud-based productivity platform that provides task management, docs, goals, and chat in one unified workspace. It helps teams and individuals organize projects, manage workflows, and collaborate effectively.
Service Address: https://clickup.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the workspace level for Enterprise plans.
Secret Access Scope: Grants programmatic access to ClickUp resources including tasks, lists, folders, spaces, teams, and users based on the permissions of the user who created the token.
Secret Revokement URL: https://app.clickup.com/settings/profile
Secret Example: pk_12345678_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD
Suspicious Activity Investigation Instructions:
- Review the ClickUp audit logs for unusual activity or unauthorized access.
- Check for unexpected changes to tasks, lists, or workspace settings.
- Monitor for unusual API calls or access patterns from unfamiliar IP addresses.
- Verify if there are any new integrations or webhooks that were recently added.
- Review team member access and permission changes.
Mitigation Instructions:
- Log in to your ClickUp account and navigate to your profile settings.
- Go to "Apps" section where API tokens are managed.
- Revoke the compromised API token immediately.
- Generate a new API token if needed.
- Review and update any applications or integrations that were using the compromised token.
- Consider enabling additional security features like two-factor authentication.
- Review workspace security settings and adjust permissions as necessary.