Ionic Token
Service Name: Ionic Framework
Service Description: Ionic is an open-source UI toolkit for building high-quality, cross-platform native and web app experiences. It allows developers to build once and run everywhere with a single codebase for iOS, Android, and the web.
Service Address: https://ionicframework.com/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to Ionic services including Ionic Enterprise features, Appflow (Ionic's cloud build service), and other Ionic ecosystem services.
Secret Revokement URL: https://dashboard.ionicframework.com/settings/tokens
Secret Example: ionic_auth_token_a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review Ionic Dashboard for unauthorized app builds or deployments
- Check for unexpected changes to app configurations or settings
- Monitor for unusual API calls or resource access patterns
- Examine logs for access from unfamiliar IP addresses or locations
- Verify if any unauthorized users have been added to your Ionic projects
Mitigation Instructions:
- Log in to the Ionic Dashboard at https://dashboard.ionicframework.com/
- Navigate to Settings > API Tokens
- Locate the compromised token and click "Revoke"
-
Generate a new token if needed
-
Update all legitimate applications and CI/CD pipelines with the new token
- Review project permissions and remove any unauthorized collaborators
- Enable two-factor authentication for your Ionic account if not already enabled
- Consider implementing token rotation policies for regular security maintenance