Freshservice API Key
Service Name: Freshservice
Service Description: Freshservice is an ITIL-aligned, cloud-based IT service management (ITSM) solution that helps organizations streamline their IT operations, manage IT assets, and deliver exceptional service experiences.
Service Address: https://freshservice.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level through Freshservice's security settings.
Secret Access Scope: Grants programmatic access to Freshservice API endpoints, allowing management of tickets, assets, changes, problems, and other ITSM functions.
Secret Revokement URL: https://[your-domain].freshservice.com/admin/api_keys
Secret Example: 6baa8f2e8c9d4ea3b695e51f28d54367
Suspicious Activity Investigation Instructions:
- Review API access logs in Freshservice Admin Console for unusual activity patterns.
- Check for unauthorized ticket creation, modification, or deletion.
- Monitor for unexpected asset management changes or configuration modifications.
- Examine API usage patterns for abnormal request volumes or access times.
- Verify if the API key was used from unusual geographic locations.
Mitigation Instructions:
-
Log in to your Freshservice admin portal.
-
Navigate to Admin > API Settings.
- Locate the compromised API key in the list.
- Click the "Revoke" or "Delete" button next to the API key.
- Generate a new API key if needed for legitimate applications.
- Update any authorized applications with the new API key.
- Consider implementing IP restrictions for API access in the security settings.
- Review and update your API key rotation policies.
- Audit all integrations that use Freshservice API keys to ensure they're secure.