Skip to content

Evernote Developer Token

Service Name: Evernote

Service Description: Evernote is a note-taking and task management application that allows users to create, organize, store, and share notes, which can include text, images, audio recordings, and attachments.

Service Address: https://evernote.com/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but Evernote Business accounts can implement IP restrictions at the organization level.

Secret Access Scope: Grants programmatic access to a user's Evernote account, allowing applications to read, create, update, and delete notes, notebooks, tags, and other resources within the authorized user's account.

Secret Revokement URL: https://www.evernote.com/Settings.action#developer-settings

Secret Example: S=s1:U=94f3d:E=18a3f5b3c0f:C=17d11e7f488:P=1cd:A=en- devtoken:V=2:H=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Suspicious Activity Investigation Instructions:

  • Review the Evernote activity log for unusual note access, creation, or modification.
  • Check for unauthorized applications connected to your Evernote account.
  • Monitor for unexpected changes to notebooks, notes, or sharing settings.
  • Look for unusual API usage patterns or access from unfamiliar locations.
  • Verify if there are any notes being shared with unrecognized users.

Mitigation Instructions:

  • Log in to your Evernote account and navigate to Settings.
  • Go to the Developer Settings section.
  • Locate the developer token in question and select Revoke to immediately invalidate it.
  • Create a new developer token if needed for legitimate applications.
  • Review and revoke access for any third-party applications that you don't recognize or no longer use.
  • Consider enabling two-factor authentication for your Evernote account for additional security.
  • Change your Evernote account password as an extra precaution.