Skip to main content

Dropbox Key

Description#

General#

  • Documentation: https://www.dropbox.com/developers/documentation/http/overview
  • Summary: The Dropbox API enables third party developers to integrate with Dropbox. To make testing the application easier, developers can generate access tokens for their own account. This detector finds Dropbox API tokens.
  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
  • Scopes: Yes.

Revoke the secret#

Go to the application's Developer Console and create a new token with the Generate button in the Generated access token section.

Check for suspicious activity#

In the application's Developer Console, there are analytics.

Details for Dropbox token#

  • Family: Api

  • Category: Data storage

  • Company: Dropbox

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.53

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - a{7}

Examples#

- text: |    apikey dropbox= bda46abfdcaAAAAAAA--3c0c3965368a6b10f7640dbda46abfd23a4d1c245ea1  apikey: bda46abfdcaAAAAAAA--3c0c3965368a6b10f7640dbda46abfd23a4d1c245ea1
- text: |    accesstoken="jM06Xp1WUY0AAAAAAAAAAaGwqJv3BYdwgz6OWAvPsueuj4yC2VUcvnreJzbZwUQZ"  apikey: jM06Xp1WUY0AAAAAAAAAAaGwqJv3BYdwgz6OWAvPsueuj4yC2VUcvnreJzbZwUQZ