QuickBooks API Key
Service Name: QuickBooks
Service Description: QuickBooks is a comprehensive accounting software developed by Intuit that offers financial management solutions for small to medium-sized businesses, including invoicing, expense tracking, payroll, and tax filing capabilities.
Service Address: https://quickbooks.intuit.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the app level in the Intuit Developer Dashboard.
Secret Access Scope: Grants programmatic access to QuickBooks data and functionality, allowing applications to interact with financial records, customer information, invoices, and other accounting data.
Secret Revokement URL: https://developer.intuit.com/app/developer/dashboard
Secret Example: e9IxoUiRnUBCJcwKwGGvfGgTmUxRSPfQZmgJ
Suspicious Activity Investigation Instructions:
- Review the access logs in the Intuit Developer Dashboard for unusual API calls or access patterns.
- Check for unauthorized data exports or modifications to financial records.
- Monitor for unexpected changes to customer information or accounting data.
- Verify if the API key has been used from unusual geographic locations or IP addresses.
- Review application permissions to ensure they align with expected functionality.
Mitigation Instructions:
- Log in to the Intuit Developer Dashboard at https://developer.intuit.com/app/developer/dashboard
- Navigate to your application settings.
- Locate the compromised API key and select "Revoke" or "Delete".
- Generate a new API key with appropriate permissions.
- Update your application with the new API key.
- Consider implementing additional security measures such as IP restrictions.
- Review and adjust the OAuth scopes to limit access to only necessary QuickBooks data.
- Enable webhook notifications for critical data changes to monitor for suspicious activity.