Skip to content

Wakatime OAuth Access Token

Service Name: WakaTime

Service Description: WakaTime is a developer productivity and time tracking tool that automatically generates metrics and insights about programming activity. It integrates with various code editors and IDEs to track coding time and provides analytics on programming languages, projects, and coding habits.

Service Address: https://wakatime.com/

Validation Type: API Auth

IP Allow list: Does not exist

Secret Access Scope: Grants access to a user's WakaTime account data, including coding statistics, projects, and activity logs. The token allows API operations based on the granted OAuth scopes.

Secret Revokement URL: https://wakatime.com/settings/account

Secret Example: waka_tok_abcdef0123456789abcdef0123456789

Suspicious Activity Investigation Instructions:

  • Review the WakaTime dashboard for any unauthorized access or unusual activity
  • Check the API usage logs for unexpected API calls or data access
  • Verify if there are any new integrations or applications connected to your WakaTime account
  • Monitor for changes in account settings or preferences that you did not make
  • Review the IP addresses that have accessed your account recently

Mitigation Instructions:

  • Log in to your WakaTime account at https://wakatime.com/login
  • Navigate to Account Settings.
  • Under the Connected Applications section, find and revoke the compromised OAuth token.
  • Change your WakaTime account password immediately
  • Enable two-factor authentication if not already enabled
  • Review and remove any suspicious integrations or applications
  • Generate a new OAuth token if needed for legitimate applications
  • Monitor your account for any further suspicious activity