Skip to content

Sentry Token

Service Name: Sentry

Service Description: Sentry is an application monitoring and error tracking software that helps developers identify and fix crashes in real time. It provides visibility into application performance and helps teams prioritize bugs based on user impact.

Service Address: https://sentry.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Sentry's security settings.

Secret Access Scope: Grants programmatic access to Sentry's API, allowing users to manage projects, teams, issues, events, and other resources within a Sentry organization.

Secret Revokement URL: https://sentry.io/settings/account/api/auth-tokens/

Secret Example: 9c1e23d57f704e87a9125ded82b27279

Suspicious Activity Investigation Instructions:

  • Review the Sentry audit logs for unusual API calls or resource access.
  • Check for unauthorized project creation or modifications.
  • Monitor for unusual event volume or patterns that could indicate abuse.
  • Verify if the token has been used from unusual IP addresses or locations.
  • Review any recent changes to organization settings or team memberships.

Mitigation Instructions:

  • Log in to your Sentry account at https://sentry.io/.
  • Navigate to Settings > Account > API > Auth Tokens.
  • Locate the compromised token in the list.
  • Click the Revoke button next to the token to immediately invalidate it.
  • Create a new token with appropriate scopes if needed.
  • Review all projects and settings for any unauthorized changes.
  • Consider enabling additional security features like two-factor authentication.
  • Update any applications or services that were using the revoked token with a new token.