Skip to content

Tableau API Token

Service Name: Tableau

Service Description: Tableau is a visual analytics platform that helps people see and understand data. It offers interactive data visualization software focused on business intelligence.

Service Address: https://www.tableau.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the site level through Tableau Server's trusted authentication and IP safe lists.

Secret Access Scope: Grants programmatic access to Tableau REST API, allowing users to manage and interact with Tableau Server resources including workbooks, data sources, users, and sites.

Secret Revokement URL: https://help.tableau.com/current/server/en-us/security_personal_access_tokens.htm

Secret Example: T0k3n_1AbCd2EfGh3IjKl4MnOp5QrSt6UvWx7YzA8BbCc9DdEe0FfGg1HhIi2JjKk

Suspicious Activity Investigation Instructions:

  • Review Tableau Server's administrative views for unusual access patterns
  • Check the Tableau Server logs for API calls made with the token
  • Monitor for unauthorized content creation, modification, or deletion
  • Examine any scheduled extract refreshes or subscriptions created through the API
  • Verify if there are any permission changes made to workbooks or data sources

Mitigation Instructions:

  • Log in to Tableau Server as an administrator
  • Navigate to the user's profile settings
  • Select the "Settings" tab
  • Locate the "Personal Access Tokens" section
  • Find the compromised token and click "Delete"
  • Create a new token if needed with appropriate permissions
  • Update any legitimate applications or scripts to use the new token
  • Consider implementing more restrictive token permissions for future tokens