Evernote Developer Token
Service Name: Evernote
Service Description: Evernote is a note-taking and task management application that allows users to create, organize, store, and share notes, which can include text, images, audio recordings, and attachments.
Service Address: https://evernote.com/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but Evernote Business accounts can implement IP restrictions at the organization level.
Secret Access Scope: Grants programmatic access to a user's Evernote account, allowing applications to read, create, update, and delete notes, notebooks, tags, and other resources within the authorized user's account.
Secret Revokement URL: https://www.evernote.com/Settings.action#developer-settings
Secret Example: S=s1:U=94f3d:E=18a3f5b3c0f:C=17d11e7f488:P=1cd:A=en- devtoken:V=2:H=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Suspicious Activity Investigation Instructions:
- Review the Evernote activity log for unusual note access, creation, or modification.
- Check for unauthorized applications connected to your Evernote account.
- Monitor for unexpected changes to notebooks, notes, or sharing settings.
- Look for unusual API usage patterns or access from unfamiliar locations.
- Verify if there are any notes being shared with unrecognized users.
Mitigation Instructions:
- Log in to your Evernote account and navigate to Settings.
- Go to the Developer Settings section.
- Locate the developer token in question and select Revoke to immediately invalidate it.
- Create a new developer token if needed for legitimate applications.
- Review and revoke access for any third-party applications that you don't recognize or no longer use.
- Consider enabling two-factor authentication for your Evernote account for additional security.
- Change your Evernote account password as an extra precaution.