Skip to content

FreshBooks OAuth Token

Service Name: FreshBooks

Service Description: FreshBooks is a cloud-based accounting software service designed for small businesses and freelancers. It provides tools for invoicing, expense tracking, time tracking, project management, and financial reporting.

Service Address: https://www.freshbooks.com/

Validation Type: API Auth

IP Allow list: Does not exist at the token level, but IP restrictions can be configured at the account level through account settings.

Secret Access Scope: Grants programmatic access to FreshBooks accounting data including invoices, expenses, clients, projects, and financial reports based on the OAuth scopes requested during authorization.

Secret Revokement URL: https://my.freshbooks.com/#/developer

Secret Example: 1000.abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx

Suspicious Activity Investigation Instructions:

  • Review the FreshBooks account activity log for unusual login attempts or actions
  • Check for unexpected API calls or data access patterns in your application logs
  • Verify if there are any unauthorized changes to invoices, clients, or payment information
  • Monitor for unusual data export activities or bulk operations
  • Check if any new API integrations have been added to the account

Mitigation Instructions:

  • Log in to your FreshBooks account and navigate to Settings > Developer Portal

  • Locate the compromised OAuth token in the list of authorized applications

  • Click "Revoke Access" next to the compromised token
  • Generate a new OAuth token for legitimate applications that need access
  • Update your application configuration with the new token
  • Consider enabling two-factor authentication for your FreshBooks account
  • Review and update password policies for all users with access to the account
  • Monitor account activity for any signs of continued unauthorized access