Decoding the Evernote Auth Token

If, like me, you are still persisting with Evernote’s aging API (I have two projects that use it) you will have come across the Auth Token that is used to validate requests. In today’s post we are going to try and unpack that.

What does it contain?

The raw Auth Token looks like this:

S=s3:U=13d80:E=1a4b63e2798:C=19d5e8cfb98:P=185:A=application-id:V=2:H=a3b92abc123567d7a6ec10b23cad2dfc

Which breaks down into eight parts as follows:

S=s3
U=13d80
E=1a4b63e2798
C=19d5e8cfb98
P=185
A=application-id
V=2
H=a3b92abc123567d7a6ec10b23cad2dfc

What each part means

S=s3

• Shard ID – Tells Evernote which backend cluster your account lives on.

U=13d80

• User ID (in hex) – Internal Evernote user identifier

E=1a4b63e2798

• Expiry timestamp – Stored as hex Unix timestamp (milliseconds)

Let’s decode that:

0x1a4b63e2798 = 1762374639000 (ms)

Convert to seconds:

1762374639

👉 That corresponds to roughly:

📅 5 November 2025, ~13:30 UTC

C=19d5e8cfb98

• Likely creation timestamp (also hex, ms) – When the token was issued

P=185

• Permissions bitmask – Defines what the token can access (notes, notebooks, etc.)

Decoding the Permissions bitmask

First: convert to binary

185 decimal = 10111001 binary

or:

128 + 32 + 16 + 8 + 1

So these bits are set:

What the bits likely mean

This is the best-known interpretation from old Evernote SDKs and token analysis:

So:

P=185

appears to represent:

✅ Read notes
✅ Update notes
✅ Create content
✅ Full-access OAuth token

A=application-id

• Application identifier – Your Evernote app name

V=2

• Token version

H=a3b92abc123567d7a6ec10b23cad2dfc

• Hash/signature – Used by Evernote to validate token integrity

Summary (in plain English)

Your token says:

“I belong to user 13d80, issued to app application-id, and I expired on 5 Nov 2025.”

More Secrets of Evernote

Want some more details of the inner workings of Evernote? Take a look at this post on “Decoding the Evernote Webhook“.