diff --git a/services/backup/Cargo.lock b/services/backup/Cargo.lock
--- a/services/backup/Cargo.lock
+++ b/services/backup/Cargo.lock
@@ -960,6 +960,7 @@
  "base64 0.21.2",
  "bytes",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "futures-core",
  "futures-util",
@@ -973,6 +974,12 @@
  "tracing",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"
diff --git a/services/blob/Cargo.lock b/services/blob/Cargo.lock
--- a/services/blob/Cargo.lock
+++ b/services/blob/Cargo.lock
@@ -1023,6 +1023,7 @@
  "aws-types",
  "base64 0.21.0",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "futures-core",
  "futures-util",
@@ -1035,6 +1036,12 @@
  "tracing",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"
diff --git a/services/comm-services-lib/Cargo.lock b/services/comm-services-lib/Cargo.lock
--- a/services/comm-services-lib/Cargo.lock
+++ b/services/comm-services-lib/Cargo.lock
@@ -859,6 +859,7 @@
  "base64 0.21.0",
  "bytes",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "futures-core",
  "futures-util",
@@ -872,6 +873,12 @@
  "tracing",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"
diff --git a/services/comm-services-lib/Cargo.toml b/services/comm-services-lib/Cargo.toml
--- a/services/comm-services-lib/Cargo.toml
+++ b/services/comm-services-lib/Cargo.toml
@@ -31,6 +31,7 @@
 aws-types = "0.55"
 base64 = "0.21"
 chrono = "0.4"
+constant_time_eq = "0.3"
 derive_more = "0.99"
 rand = "0.8"
 tokio = "1.32"
diff --git a/services/comm-services-lib/src/auth.rs b/services/comm-services-lib/src/auth.rs
--- a/services/comm-services-lib/src/auth.rs
+++ b/services/comm-services-lib/src/auth.rs
@@ -1,4 +1,5 @@
 use base64::{prelude::BASE64_STANDARD, Engine};
+use constant_time_eq::constant_time_eq;
 use derive_more::{Display, Error, From};
 use serde::{Deserialize, Serialize};
 use std::{str::FromStr, string::FromUtf8Error};
@@ -20,7 +21,7 @@
   ServicesToken(ServicesAuthToken),
 }
 
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[derive(Debug, Clone, Serialize, Deserialize, derive_more::Constructor)]
 pub struct ServicesAuthToken {
   #[serde(rename = "servicesToken")]
   token_value: String,
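Review bot: `Debug` is still derived on `ServicesAuthToken`, so any `{:?}` formatting of the struct, or of a type that embeds it, writes `token_value` in clear into logs and traces. Since this commit hardens how the token is compared, a hand-written `Debug` that redacts the value would close the other common leak path. Separately, `derive_more::Constructor` generates a public `new`, which lets any caller build a token from an arbitrary string; a short doc comment on the struct should say that this is intended. The struct body continues past the end of this hunk, so the sketch below uses `finish_non_exhaustive()` rather than assuming the field list.

```rust
// Debug is no longer derived; it is implemented by hand below.
#[derive(Clone, Serialize, Deserialize, derive_more::Constructor)]
pub struct ServicesAuthToken {
  // … unchanged: struct fields …

impl std::fmt::Debug for ServicesAuthToken {
  fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
    // Never print the secret; show only that a token is present.
    f.debug_struct("ServicesAuthToken")
      .field("token_value", &"<redacted>")
      .finish_non_exhaustive()
  }
}
```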
@@ -50,6 +51,12 @@
   }
 }
 
+impl PartialEq for ServicesAuthToken {
+  fn eq(&self, other: &Self) -> bool {
+    constant_time_eq(self.token_value.as_bytes(), other.token_value.as_bytes())
+  }
+}
+
 /// This implements [`actix_web::FromRequest`], so it can be used to extract user
 /// identity information from HTTP requests.
 /// # Example
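Review bot: The hand-written `eq` compares only `token_value`, whereas the removed derive compared every field. The struct body is cut off in the previous hunk, so if it holds any other field, two tokens that differ only there now compare equal. The impl also has no comment explaining why it is not derived; something like `/// Constant-time comparison so a partial token match is not observable through timing. Do not replace with #[derive(PartialEq)].` would stop a later cleanup from reverting it. Note that `constant_time_eq` returns early when the two slices differ in length, so the token length is not hidden. That is fine if tokens are fixed-length, which these hunks do not show.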
diff --git a/services/commtest/Cargo.lock b/services/commtest/Cargo.lock
--- a/services/commtest/Cargo.lock
+++ b/services/commtest/Cargo.lock
@@ -631,6 +631,7 @@
  "aws-types",
  "base64 0.21.3",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "rand",
  "serde",
@@ -677,6 +678,12 @@
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "28c122c3980598d243d63d9a704629a2d748d101f278052ff068be5a4423ab6f"
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"
diff --git a/services/feature-flags/Cargo.lock b/services/feature-flags/Cargo.lock
--- a/services/feature-flags/Cargo.lock
+++ b/services/feature-flags/Cargo.lock
@@ -757,6 +757,7 @@
  "aws-types",
  "base64",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "rand",
  "serde",
@@ -765,6 +766,12 @@
  "tracing",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"
diff --git a/services/reports/Cargo.lock b/services/reports/Cargo.lock
--- a/services/reports/Cargo.lock
+++ b/services/reports/Cargo.lock
@@ -956,6 +956,7 @@
  "base64 0.21.3",
  "bytes",
  "chrono",
+ "constant_time_eq",
  "derive_more",
  "futures-core",
  "futures-util",
@@ -969,6 +970,12 @@
  "tracing",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f7144d30dcf0fafbce74250a3963025d8d52177934239851c917d29f1df280c2"
+
 [[package]]
 name = "convert_case"
 version = "0.4.0"