Skip to content

Dashlane API Token

Service Name: Dashlane

Service Description: Dashlane is a password management service that helps users store and manage their passwords, personal information, and other sensitive data securely across multiple devices and platforms.

Service Address: https://www.dashlane.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for Dashlane Business accounts.

Secret Access Scope: Grants programmatic access to Dashlane's API, allowing applications to interact with Dashlane services, manage passwords, and access user data based on permissions granted.

Secret Revokement URL: https://app.dashlane.com/settings/security

Secret Example: DAPI_01234567-89ab-cdef-0123-456789abcdef

Suspicious Activity Investigation Instructions:

  • Review Dashlane account activity logs for unauthorized access or suspicious operations
  • Check for unknown devices or locations accessing the account
  • Monitor for unexpected password changes or exports
  • Review API usage patterns for abnormal behavior or data access
  • Check for unauthorized applications connected to your Dashlane account

Mitigation Instructions:

  • Log in to your Dashlane account at https://app.dashlane.com/
  • Navigate to Settings > Security

  • Locate the API tokens section and revoke the compromised token

  • Generate a new API token if needed
  • Enable two-factor authentication if not already active
  • Review and update your master password
  • Check for and remove any unauthorized devices from your account
  • Consider implementing IP restrictions for your Dashlane Business account
  • Review audit logs to understand the scope of potential compromise