Skip to content

Freshdesk API Token

Service Name: Freshdesk

Service Description: Freshdesk is a cloud-based customer support software that provides helpdesk support with all smart automations to get things done faster. It allows businesses to streamline their customer service operations through ticketing, knowledge base, and multi-channel support.

Service Address: https://freshdesk.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level in Freshdesk Admin settings.

Secret Access Scope: Grants programmatic access to Freshdesk API endpoints, allowing management of tickets, contacts, companies, solutions, and other Freshdesk resources.

Secret Revokement URL: https://support.freshdesk.com/en/support/solutions/articles/215517-how-to-find-your-api-key

Secret Example: 6A5Pdmg3GKPvTkdUtuHL

Suspicious Activity Investigation Instructions:

  • Review Freshdesk audit logs for unusual API calls or access patterns
  • Check for unauthorized ticket creation, modification, or deletion
  • Monitor for unusual data exports or bulk operations
  • Look for API calls from unfamiliar IP addresses or locations
  • Verify if there are any new automation rules or webhooks created

Mitigation Instructions:

  • Log in to your Freshdesk account as an administrator
  • Navigate to your profile settings (click your profile picture in the top-right

corner)

  • Select "Profile Settings"
  • Scroll down to the "API Key" section
  • Click "Reset API Key" to invalidate the current key and generate a new one
  • Update the API key in all legitimate applications that need access
  • Review and update IP restrictions in the Admin settings if necessary
  • Consider implementing role-based access controls to limit API permissions