Zendesk Token
Service Name: Zendesk
Service Description: Zendesk is a customer service software company that provides a cloud-based help desk management solution. It offers tools for customer support, ticketing systems, knowledge bases, and live chat functionality to help businesses improve their customer service operations.
Service Address: https://www.zendesk.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the account level in Zendesk Admin Center under Security settings.
Secret Access Scope: Grants programmatic access to Zendesk APIs, allowing management of tickets, users, organizations, and other Zendesk resources depending on the token's permissions.
Secret Revokement URL: https://support.zendesk.com/hc/en-us/articles/4408889192858-Managing-API-tokens-for-agents
Secret Example: 6wiIBWbGkBMo1mRDMuVwkw1EPsNkeUj95PIz2akv
Suspicious Activity Investigation Instructions:
- Review Zendesk audit logs for unusual API calls or access patterns
- Check for unauthorized ticket creation, modification, or deletion
- Monitor for unusual data exports or bulk operations
- Look for access from unexpected geographic locations or IP addresses
- Verify if sensitive customer data has been accessed or exported
Mitigation Instructions:
-
Log in to your Zendesk Admin account
-
Navigate to Admin Center > Apps and Integrations > APIs > Zendesk API
- Find the compromised API token in the list
- Click the delete (trash) icon next to the token to revoke it
- Create a new token with appropriate permissions if needed
- Consider implementing IP restrictions for API access
- Review and update agent permissions to follow the principle of least privilege
- Enable two-factor authentication for all Zendesk users