Monday.com API Token
Service Name: Monday.com
Service Description: Monday.com is a cloud-based work operating system that enables teams to manage projects, workflows, and tasks in a visual, collaborative environment. It provides customizable templates for various use cases including project management, sales CRM, marketing, and software development.
Service Address: https://monday.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level for Enterprise plans.
Secret Access Scope: Grants programmatic access to Monday.com resources including boards, items, updates, and users based on the token's permissions. Access can be read-only or read-write depending on the token configuration.
Secret Revokement URL: https://monday.com/developers/v2/docs/authentication#revoking-an-api-v2-token
Secret Example: eyJhbGciOiJIUzI1NiJ9.eyJ0aWQiOjE4MzM4MzI5LCJ1aWQiOjM5MzQ1NjgsImlhZCI6IjIwM jMtMDctMDVUMTI6MzQ6MDAuMDAwWiIsInBlciI6Im1lOndyaXRlIn0.7vPm9nK5jXYB6zQklAOO o4hNcT_dNQIZHAYPH9-1XZk
Suspicious Activity Investigation Instructions:
- Review the Monday.com audit logs for unusual API calls or access patterns.
- Check for unauthorized board or item creation, modification, or deletion.
- Monitor for unexpected changes to user permissions or workspace settings.
- Look for API calls from unusual geographic locations or outside business hours.
- Verify if there are any integrations or automations created without authorization.
Mitigation Instructions:
- Log in to your Monday.com account as an administrator.
- Navigate to Admin > API > Manage API Tokens.
- Locate the compromised token and click "Revoke" to immediately invalidate it.
- Create a new token with appropriate permissions if needed.
- Review and adjust permissions for the new token to follow the principle of least privilege.
- Consider enabling IP restrictions for API access if on an Enterprise plan.
- Review all integrations and automations to ensure they're authorized.
- Update your security policies to include regular rotation of API tokens.