Skip to content

Freshdesk Messaging Token

Service Name: Freshdesk Messaging (formerly Freshchat)

Service Description: Freshdesk Messaging is a modern customer messaging software that helps businesses engage with customers across websites, mobile apps, and social messaging platforms through live chat and AI-powered chatbots.

Service Address: https://www.freshworks.com/live-chat-software/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Freshworks security settings

Secret Access Scope: Grants programmatic access to Freshdesk Messaging APIs, allowing management of conversations, users, agents, and messaging channels

Secret Revokement URL: https://developers.freshworks.com/docs/freshchat/api/#revoking-api-tokens

Secret Example: d8e8fca2dc0f896fd7cb4cb0031ba249

Suspicious Activity Investigation Instructions:

  • Review the Freshdesk Messaging audit logs for unusual API calls or access patterns
  • Check for unauthorized agent accounts or unexpected changes to messaging configurations
  • Monitor for unusual conversation volumes or automated message patterns
  • Verify recent changes to webhooks or integrations
  • Review IP addresses that have accessed the API recently

Mitigation Instructions:

  • Immediately revoke the compromised API token through the Freshdesk

Messaging dashboard

  • Generate a new API token with appropriate permissions
  • Update any legitimate applications or integrations with the new token
  • Enable IP restrictions for API access if available
  • Review and update security settings in your Freshdesk Messaging account
  • Consider implementing webhook signatures for additional security
  • Audit all integrations and remove any that are no longer needed