Skip to content

FreshBooks API Token

Service Name: FreshBooks

Service Description: FreshBooks is a cloud-based accounting software service designed for small businesses and freelancers. It provides tools for invoicing, expense tracking, time tracking, project management, and financial reporting.

Service Address: https://www.freshbooks.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through account settings

Secret Access Scope: Grants programmatic access to FreshBooks accounting data, including invoices, expenses, clients, projects, and financial reports.

Secret Revokement URL: https://my.freshbooks.com/#/developer

Secret Example: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p

Suspicious Activity Investigation Instructions:

  • Review API access logs in your FreshBooks account for unusual activity
  • Check for unauthorized changes to invoices, clients, or payment information
  • Monitor for unexpected data exports or mass modifications
  • Verify if there are any new integrations or connected apps you didn't authorize
  • Look for unusual login locations or times in your account activity

Mitigation Instructions:

  • Log in to your FreshBooks account and navigate to Settings > Developer
  • Locate the compromised API token and click "Revoke"
  • Generate a new API token if needed for legitimate applications

  • Review and update account password and enable two-factor authentication

  • Audit all connected applications and remove any unauthorized integrations
  • Contact FreshBooks support to report the security incident
  • Monitor account activity for any additional suspicious behavior