Skip to content

Qase API Token

Service Name: Qase

Service Description: Qase is a test management platform that helps teams manage test cases, test runs, and defects. It provides tools for organizing testing processes, tracking results, and generating reports.

Service Address: https://qase.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level in the security settings.

Secret Access Scope: Grants programmatic access to Qase API, allowing management of test cases, test runs, defects, and other testing resources.

Secret Revokement URL: https://app.qase.io/user/api/token

Secret Example: f4c9bd0e2b4d5a6c7d8e9f0a1b2c3d4e

Suspicious Activity Investigation Instructions:

  • Review API access logs in your Qase account for unusual activity.
  • Check for unauthorized test case creation, modification, or deletion.
  • Monitor for unexpected test run executions or result modifications.
  • Verify if there are any unauthorized project access attempts.
  • Look for unusual API calls or access patterns from unfamiliar IP addresses.

Mitigation Instructions:

  • Log in to your Qase account and navigate to User Profile > API tokens.
  • Identify the compromised token and click the Delete button next to it.
  • Generate a new API token if needed.
  • Review and update your token permissions to follow the Principle of Least Privilege.
  • Consider implementing IP restrictions for API access in organization security settings.
  • Update any applications or integrations to use the new token.
  • Review your security practices for storing and handling API tokens.