FreshBooks API Token
Service Name: FreshBooks
Service Description: FreshBooks is a cloud-based accounting software service designed for small businesses and freelancers. It provides tools for invoicing, expense tracking, time tracking, project management, and financial reporting.
Service Address: https://www.freshbooks.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through account settings
Secret Access Scope: Grants programmatic access to FreshBooks accounting data, including invoices, expenses, clients, projects, and financial reports.
Secret Revokement URL: https://my.freshbooks.com/#/developer
Secret Example: 1a2b3c4d5e6f7g8h9i0j1k2l3m4n5o6p
Suspicious Activity Investigation Instructions:
- Review API access logs in your FreshBooks account for unusual activity
- Check for unauthorized changes to invoices, clients, or payment information
- Monitor for unexpected data exports or mass modifications
- Verify if there are any new integrations or connected apps you didn't authorize
- Look for unusual login locations or times in your account activity
Mitigation Instructions:
- Log in to your FreshBooks account and navigate to Settings > Developer
- Locate the compromised API token and click "Revoke"
-
Generate a new API token if needed for legitimate applications
-
Review and update account password and enable two-factor authentication
- Audit all connected applications and remove any unauthorized integrations
- Contact FreshBooks support to report the security incident
- Monitor account activity for any additional suspicious behavior