Skip to content

ClickUp API Token

Service Name: ClickUp

Service Description: ClickUp is a cloud-based productivity platform that provides task management, docs, goals, and chat in one unified workspace. It helps teams and individuals organize projects, manage workflows, and collaborate effectively.

Service Address: https://clickup.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the workspace level for Enterprise plans.

Secret Access Scope: Grants programmatic access to ClickUp resources including tasks, lists, folders, spaces, teams, and users based on the permissions of the user who created the token.

Secret Revokement URL: https://app.clickup.com/settings/profile

Secret Example: pk_12345678_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789ABCD

Suspicious Activity Investigation Instructions:

  • Review the ClickUp audit logs for unusual activity or unauthorized access.
  • Check for unexpected changes to tasks, lists, or workspace settings.
  • Monitor for unusual API calls or access patterns from unfamiliar IP addresses.
  • Verify if there are any new integrations or webhooks that were recently added.
  • Review team member access and permission changes.

Mitigation Instructions:

  • Log in to your ClickUp account and navigate to your profile settings.
  • Go to "Apps" section where API tokens are managed.
  • Revoke the compromised API token immediately.
  • Generate a new API token if needed.
  • Review and update any applications or integrations that were using the compromised token.
  • Consider enabling additional security features like two-factor authentication.
  • Review workspace security settings and adjust permissions as necessary.