- Documentation: https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
- Summary: Facebook access tokens are strings used for identification and come in three types, identifying a user, an application, or a Page. Application access tokens are used to modify and read app settings. They can also be used to publish Open Graph actions. They are generated using a pre-agreed secret between the app and Facebook and are then used during calls that change app-wide settings.
- IPs allowlist: This feature is not available.
- Scopes: App access tokens are limited to accessing and modifying application data (no reach on users, pages, or clients).
There is no direct information on how to revoke an app access token.
The Facebook API gives access to an AppEventLogger class for monitoring various activities.
Facebook app keys
Category: Social network
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 45.8
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^mdx?~?$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames:
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
    - facebook
    - fb(-|_)?(client|app|id|key|secret)
- type: BanMinifiedPreValidator
  threshold_minified: 0.8
- text: >
    facebook
    String appId = "294790898041575";
    String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372"
  client_id: "294790898041575"
  client_secret: "ce3f9f0362bbe5ab01dfc8ee565e4372"
- text: >
    String fb_id = "294790898041575";
    String fb_secret = "ce3f9f0362bbe5ab01dfc8ee565e4372"
  client_id: "294790898041575"
  client_secret: "ce3f9f0362bbe5ab01dfc8ee565e4372"
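How the FilenameBanlistPreValidator and ContentWhitelistPreValidator patterns listed above could gate a file before detection runs, as an added Python example that is not the detector's own implementation. It assumes the extension patterns are tested against the text after the last dot and that matching is case-insensitive; the function names and sample files are constructed for illustration.

```python
import re

# Patterns copied from the pre-validator configuration on this page.
BANNED_EXTENSIONS = [
    r"^(cs|x|p|s|r|m)?html5?~?$",
    r"^[aps]?cssc?~?$",
    r"^lock$",
    r"^mdx?~?$",
    r"^storyboard(c|er)?~?$",
    r"^xib$",
]
CONTENT_PATTERNS = [r"facebook", r"fb(-|_)?(client|app|id|key|secret)"]


def extension_is_banned(filename):
    """Assumption: patterns are tested against the text after the last dot."""
    _, dot, ext = filename.rpartition(".")
    if not dot:
        return False  # no extension, so nothing to ban
    return any(re.search(p, ext, re.IGNORECASE) for p in BANNED_EXTENSIONS)


def content_is_relevant(content):
    """Assumption: one case-insensitive hit anywhere in the file is enough."""
    return any(re.search(p, content, re.IGNORECASE) for p in CONTENT_PATTERNS)


def should_scan(filename, content):
    """A file reaches the detector only if both pre-validators accept it."""
    return not extension_is_banned(filename) and content_is_relevant(content)


# Constructed sample files (name, content); key values are placeholders.
SAMPLES = [
    ("Config.java", 'String fb_id = "<APP_ID>"; String fb_secret = "<APP_SECRET>"'),
    ("login.html", '<script>var facebook = {appId: "<APP_ID>"};</script>'),
    ("README.md", "Set fb_secret before running."),
    ("yarn.lock", "facebook-sdk@1.0.0"),
    ("settings.py", 'CLIENT_SECRET = "<APP_SECRET>"'),
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(f"{name:12} scan={should_scan(name, body)}")
```

Only `Config.java` passes both checks: the HTML, Markdown and lock files are dropped by extension, and `settings.py` is dropped because nothing in it mentions Facebook.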