Skip to content

Ionic Token

Service Name: Ionic Framework

Service Description: Ionic is an open-source UI toolkit for building high-quality, cross-platform native and web app experiences. It allows developers to build once and run everywhere with a single codebase for iOS, Android, and the web.

Service Address: https://ionicframework.com/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to Ionic services including Ionic Enterprise features, Appflow (Ionic's cloud build service), and other Ionic ecosystem services.

Secret Revokement URL: https://dashboard.ionicframework.com/settings/tokens

Secret Example: ionic_auth_token_a1b2c3d4e5f6g7h8i9j0

Suspicious Activity Investigation Instructions:

  • Review Ionic Dashboard for unauthorized app builds or deployments
  • Check for unexpected changes to app configurations or settings
  • Monitor for unusual API calls or resource access patterns
  • Examine logs for access from unfamiliar IP addresses or locations
  • Verify if any unauthorized users have been added to your Ionic projects

Mitigation Instructions:

  • Log in to the Ionic Dashboard at https://dashboard.ionicframework.com/
  • Navigate to Settings > API Tokens
  • Locate the compromised token and click "Revoke"
  • Generate a new token if needed

  • Update all legitimate applications and CI/CD pipelines with the new token

  • Review project permissions and remove any unauthorized collaborators
  • Enable two-factor authentication for your Ionic account if not already enabled
  • Consider implementing token rotation policies for regular security maintenance