Skip to main content

Clockwork Key

Description#

General#

  • Documentation: https://www.clockworksms.com/doc/
  • Summary: Clockwork SMS offers a service to send and receive SMS from an application. They provide an API, and various wrapper to interact with it. The authentication method relies on an API key that needs to be attached to every call.
  • IPs allowlist: Clockwork SMS mentions IP allowlisting in their security documentation
  • Scopes: Associating scopes to API key is not specified in the documentation.

Revoke the secret#

The procedure to revoke the API key is not specified in the documentation.

Check for suspicious activity#

Checking for suspicious activity is not mentioned in the documentation.

Details for Clockwork#

  • Family: Api

  • Category: Messaging system

  • Company: Clockwork

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames:  - Godeps  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - clockwork

Examples#

- text: |    clockwork api=3c3a8964368a3b10f8645dbde42abfbca980a2a3  apikey: 3c3a8964368a3b10f8645dbde42abfbca980a2a3- text: clockwork api=3c3a8964368a3b10f8645dbde42abfbca980a2a3
  apikey: 3c3a8964368a3b10f8645dbde42abfbca980a2a3  filename: some_file.md