# OAuth / API Token Abuse

**MITRE ATT&CK layer:** Initial Access / Persistence

OAuth and API token abuse occurs when access tokens or API keys meant for trusted applications are misused to enter systems without user credentials. By exploiting these tokens, attackers can gain extended or unauthorized access to data and services, often remaining undetected because their activity appears to come from legitimate applications.

## How OAuth and API tokens are abused

Attackers gain access to protected APIs and services without passwords or multi-factor checks through token hijacking, misuse of consent permissions, or secrets exposed in public code, all of which make detection difficult.

## Why OAuth / API Token Abuse matters

OAuth and API token abuse can leave attackers with long-term, quiet access to cloud environments and sensitive data stores. That access often survives password changes, allowing movement across connected services and repeated data exposure, which increases the risk of large-scale breaches and prolonged security incidents.

## Real-world example

Attackers obtained OAuth and refresh tokens from the Salesloft-Drift integration and used them to enter Salesforce customer environments, accessing internal systems and extracting sensitive credentials and business data without triggering standard login defenses. [Source](https://www.techradar.com/pro/security/salesloft-breached-to-steal-oauth-tokens-for-salesforce-data-theft-attacks?)
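Because token access often survives password changes, a password reset alone does not confirm that access has been cut off. The following audit is an added example, not part of the original glossary entry: it flags OAuth grants that were issued before a user's last password change and were still used afterwards. The field names, the `refresh_token` scope label and all sample records are constructed assumptions; map them to the grant and audit export of your identity provider.

```python
from datetime import datetime

# Constructed sample data (not from any real tenant); field names are assumptions.
PASSWORD_CHANGES = {
    "alice@example.com": datetime(2025, 3, 10, 9, 0),
    "bob@example.com": datetime(2025, 1, 5, 14, 30),
}

GRANTS = [
    {"id": "g1", "user": "alice@example.com", "app": "crm-sync",
     "issued": datetime(2025, 2, 1, 8, 0), "last_used": datetime(2025, 3, 12, 2, 15),
     "scopes": ["api", "refresh_token"]},
    {"id": "g2", "user": "alice@example.com", "app": "calendar",
     "issued": datetime(2025, 3, 11, 8, 0), "last_used": datetime(2025, 3, 12, 9, 0),
     "scopes": ["calendar.read"]},
    {"id": "g3", "user": "bob@example.com", "app": "chat-widget",
     "issued": datetime(2024, 12, 1, 8, 0), "last_used": datetime(2025, 1, 20, 8, 0),
     "scopes": ["chat.read"]},
    {"id": "g4", "user": "carol@example.com", "app": "crm-sync",
     "issued": datetime(2025, 1, 1, 8, 0), "last_used": datetime(2025, 3, 1, 8, 0),
     "scopes": ["full"]},
]

def grants_surviving_reset(grants, password_changes):
    """Return grants issued before the user's last password change
    and still used after it, i.e. access the reset did not cut off."""
    findings = []
    for g in grants:
        changed = password_changes.get(g["user"])
        if changed is None:
            continue  # no reset on record, nothing to compare against
        if g["issued"] < changed < g["last_used"]:
            findings.append({
                "grant": g["id"], "user": g["user"], "app": g["app"],
                "days_active_after_reset": (g["last_used"] - changed).days,
                "can_refresh": "refresh_token" in g["scopes"],
            })
    # Refresh-capable grants first: they can keep minting new access tokens.
    return sorted(findings, key=lambda f: not f["can_refresh"])

if __name__ == "__main__":
    for finding in grants_surviving_reset(GRANTS, PASSWORD_CHANGES):
        print(finding)
```

Each finding is a candidate for explicit revocation at the identity provider, since the password change did not invalidate it.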
## Related topics

### Brute Force Attack

Initial Access / Persistence

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/brute-force-attack.html)

### Amazon Web Services (AWS) Attacks

Initial Access / Persistence

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/aws-attacks.html)

### Web Session Cookie Theft

Initial Access / Persistence

[Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/web-session-cookie-theft.html)