Salesforce Refresh Token
Service Name: Salesforce
Service Description: Salesforce is a cloud-based customer relationship management (CRM) platform that helps businesses manage their sales, customer service, marketing automation, analytics, and application development.
Service Address: [https://salesforce.com](https://salesforce.com/)
Salesforce Refresh Token
SALESFORCE_REFRESH_TOKEN
-
Validation Type: -
-
IP Allow list: Does not exist
-
Secret Access Scope: Grants long-term access to Salesforce APIs without requiring user re-authentication.
-
Secret Revokement URL: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_revoke_token.htm
-
Secret Example:
5Aep8nFLn5xvTEPrNOLVkTyRSQ9FVs3xYxSA1cGHvUzN8B5JKIm0oU8JyRqwersdfghjklzxcvbnmqwertyuioplkjhgfdsazxcvbnm -
Suspicious Activity Investigation Instructions:
-
Review Salesforce login history for unauthorized access.
-
Check Setup Audit Trail for changes made to user permissions or configurations.
-
Examine API usage logs for unusual patterns or excessive data retrieval.
-
Monitor for unexpected OAuth integrations or connected apps.
-
-
Mitigation Instructions:
-
Log in to Salesforce as an administrator.
-
Navigate to Setup > Apps > Connected Apps > Manage Connected Apps.
-
Find the connected app associated with the token.
-
Click "Revoke Access" to invalidate the refresh token.
-
Rotate any associated client secrets.
-
Review and update OAuth policies for the connected app.
-