QuickBooks API Secret
Service Name: QuickBooks (Intuit)
Service Description: QuickBooks is a comprehensive accounting software developed by Intuit that offers financial management solutions for small to medium-sized businesses, including invoicing, expense tracking, payroll, and tax filing capabilities.
Service Address: https://developer.intuit.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the Intuit Developer Portal under app settings.
Secret Access Scope: Grants programmatic access to QuickBooks financial data, including customer information, invoices, payments, expenses, and accounting records.
Secret Revokement URL: https://developer.intuit.com/app/developer/dashboard
Secret Example: e9Nf4R2cBmT6vZ8xK3sL1pQ7yU0jD5hG
Suspicious Activity Investigation Instructions:
- Review the OAuth token usage logs in the Intuit Developer Dashboard.
- Check for unusual API calls or data access patterns in the QuickBooks activity log.
- Monitor for unexpected changes to financial records or customer data.
- Verify if there are any unauthorized app connections to your QuickBooks account.
- Review recent changes to permissions or scopes granted to applications.
Mitigation Instructions:
- Log in to the Intuit Developer Dashboard at https://developer.intuit.com/app/developer/dashboard
- Navigate to your app settings.
- Locate and revoke the compromised client secret.
- Generate a new client secret for your application.
- Update your application code with the new client secret.
- Review and potentially reduce the OAuth scopes granted to your application.
- Enable additional security features like IP restrictions if available.
- Consider implementing webhook notifications for sensitive data changes.