Zendesk API Key
Service Name: Zendesk
Service Description: Zendesk is a customer service software company that provides a cloud-based help desk management solution. It offers tools for customer support, ticketing systems, and knowledge base management to improve customer relationships.
Service Address: https://www.zendesk.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level in Zendesk Admin Center under Security settings.
Secret Access Scope: Grants programmatic access to Zendesk APIs, allowing management of tickets, users, organizations, and other Zendesk resources.
Secret Revokement URL: https://support.zendesk.com/hc/en-us/articles/4408889192858-Managing-API-tokens
Secret Example: 1abc2def3ghi4jkl5mno6pqr7stu8vwx
Suspicious Activity Investigation Instructions:
- Review Zendesk audit logs for unusual API calls or access patterns
- Check for unauthorized ticket creation, modification, or deletion
- Monitor for unexpected data exports or bulk operations
- Verify if there are any new integrations or applications connected to your Zendesk account
- Look for unusual login locations or times associated with API usage
Mitigation Instructions:
-
Log in to your Zendesk Admin Center
-
Navigate to the Admin Center > Apps and integrations > APIs > Zendesk API
- Find the compromised API token in the list
- Click the delete (trash can) icon next to the token
- Confirm deletion when prompted
- Create a new API token with appropriate permissions if needed
- Update any legitimate applications that were using the old token
- Review and adjust API access permissions for all remaining tokens