Skip to content

TeamCity API Token

Service Name: TeamCity

Service Description: TeamCity is a continuous integration and deployment server developed by JetBrains. It provides a powerful and user-friendly CI/CD solution that supports various build configurations, version control systems, and automated testing frameworks.

Service Address: https://www.jetbrains.com/teamcity/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the server level through TeamCity's built-in access management settings.

Secret Access Scope: Grants programmatic access to TeamCity REST API, allowing automation of build configurations, project management, and retrieval of build results.

Secret Revokement URL: https://teamcity-instance-url/profile.html?item=accessTokens (replace teamcity-instance-url with your actual TeamCity server URL)

Secret Example: eyJ0eXAiOiAiVENWMiJ9.ZGZzZGZzZGZzZGZzZGZzZGY.ZmRmc2Rmc2Rmc2Rmc2Rmc2Rm

Suspicious Activity Investigation Instructions:

  • Review TeamCity audit logs for unusual API calls or access patterns
  • Check for unauthorized build configurations or modifications to existing builds
  • Monitor for unexpected project creation or deletion activities
  • Examine build agent usage for unauthorized or unusual build executions
  • Review user access logs for suspicious login attempts using the token

Mitigation Instructions:

  • Log in to your TeamCity server as an administrator
  • Navigate to your user profile by clicking on your username in the top-right corner
  • Select "Access Tokens" from the menu
  • Find the compromised token in the list and click "Revoke"
  • Generate a new token with appropriate permissions if needed
  • Consider implementing more restrictive token permissions using TeamCity's role-based access control
  • Update any legitimate applications or scripts that were using the revoked token
  • Review TeamCity server security settings and consider implementing IP restrictions for API access