Xero Tenant ID Token
Service Name: Xero
Service Description: Xero is a cloud-based accounting software platform for small and medium-sized businesses that offers a range of financial management tools including invoicing, expense tracking, payroll, and financial reporting.
Service Address: https://www.xero.com/
Validation Type: API Auth
IP Allow list: Does not exist at the token level, but IP restrictions can be configured at the organization level through Xero's security settings.
Secret Access Scope: Grants access to specific organization (tenant) data within Xero's API. The tenant ID identifies which specific organization's data the API token can access.
Secret Revokement URL: https://developer.xero.com/app/manage
Secret Example: 6d79757a-e95c-4a3f-8c7b-2f11a4bd2c98
Suspicious Activity Investigation Instructions:
- Review Xero activity logs for unauthorized access or unusual operations
- Check for unexpected API calls or data exports in the Xero audit history
- Verify if there are any new user accounts or changed permissions
- Monitor for unusual transaction patterns or financial data modifications
- Review connected app authorizations in the Xero dashboard
Mitigation Instructions:
- Log in to your Xero developer account at https://developer.xero.com/
- Navigate to "My Apps" and select the application associated with the token
-
Click on "Revoke Access" to invalidate the token
-
Generate a new tenant ID token if needed for legitimate applications
- Review and update API access permissions for the application
- Enable two-factor authentication for all Xero accounts
- Audit all connected applications and remove unnecessary integrations
- Update passwords for all Xero users with administrative access