Trello Webhook Callback Token
Service Name: Trello
Service Description: Trello is a web-based, Kanban-style list-making application that is a subsidiary of Atlassian. It is used for project management and task organization through boards, lists, and cards.
Service Address: https://trello.com/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to receive webhook notifications from Trello boards, lists, cards, or other Trello objects. The token allows verification that webhook callbacks are genuinely from Trello.
Secret Revokement URL: https://developer.atlassian.com/cloud/trello/guides/rest-api/webhooks/
Secret Example: e5e25aa97d9a3e5b52dddd818e5f209f3453ac3bc7f1d8a1ecd3d5d76d7a94bf
Suspicious Activity Investigation Instructions:
- Review the webhook configurations in your Trello Power-Up or application settings
- Check the Trello API logs for unusual webhook activity
- Monitor for unauthorized changes to webhook destinations
- Verify that webhook callbacks are being sent to the expected endpoints
- Review your application logs for any unexpected webhook processing
Mitigation Instructions:
- Delete the compromised webhook through the Trello API using a DELETE
request to https://api.trello.com/1/webhooks/{id}
- Create a new webhook with a fresh callback URL and token
- Update your application to use the new webhook token for verification
- Implement additional security measures such as IP filtering if possible
- Consider implementing HMAC verification for webhook payloads
- Review and update your secret management practices to prevent future
exposures