Zoho CRM Token
Service Name: Zoho CRM
Service Description: Zoho CRM is a cloud-based customer relationship management platform that helps businesses manage sales, marketing, customer support, and inventory management in a single system.
Service Address: https://www.zoho.com/crm/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level in Zoho CRM settings.
Secret Access Scope: Grants programmatic access to Zoho CRM data, including contacts, leads, accounts, deals, and other CRM modules based on the user's permissions.
Secret Revokement URL: https://accounts.zoho.com/home#security/
Secret Example: 1000.a1b2c3d4e5f6g7h8i9j0.a1b2c3d4e5f6g7h8i9j0
Suspicious Activity Investigation Instructions:
- Review the Zoho CRM audit logs for unusual API calls or data access patterns.
- Check for unauthorized data exports or bulk operations.
- Monitor for changes to user permissions or settings.
- Verify if there are any unusual login locations or times associated with the token usage.
- Check for any new integrations or connected applications that were recently added.
Mitigation Instructions:
-
Log in to your Zoho Accounts at https://accounts.zoho.com/.
-
Navigate to the "Security" section.
- Under "API Tokens" or "Connected Apps", locate the compromised token.
- Click "Revoke" or "Delete" next to the token to invalidate it.
- Generate a new token if needed, with appropriate scopes and permissions.
- Consider implementing IP restrictions for API access in your Zoho CRM settings.
- Review and update your organization's security policies for handling API tokens.
- Enable two-factor authentication for all users with API access.