Facebook App Keys
#
Description#
General- Documentation: https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
- Summary: Facebook access tokens are strings used for identification and are of three types: either to identify a user, an application, or Page. Application access tokens are used to modify and read app settings. They can also be used to publish Open Graph actions. They are generated using a pre-agreed secret between the app and Facebook and is then used during calls that change app-wide settings.
- IPs allowlist: This feature is not available.
- Scopes: App access tokens are only limited to access and modify application data (no reach on users, pages, or clients).
#
Revoke the secretThere is no direct information on how to revoke app access token.
#
Check for suspicious activityFacebook API has access to an AppEventLogger class in order to monitor various activities (see here).
Facebook app keys
#
Details for Family: Api
Category: Social network
Company: Facebook
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 51.73
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - facebook - fb(-|_)?(client|app|id|key|secret)- type: BanMinifiedPreValidator threshold_minified: 0.8
#
Examples- text: > facebook String appId = "294790898041575"; String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372" client_id: "294790898041575" client_secret: "ce3f9f0362bbe5ab01dfc8ee565e4372"- text: > String fb_id = "294790898041575"; String fb_secret = "ce3f9f0362bbe5ab01dfc8ee565e4372" client_id: "294790898041575" client_secret: "ce3f9f0362bbe5ab01dfc8ee565e4372"- text: > facebook String appId = "294790898041575"; String appSecret = "ce3f9f0362bbe5ab01dfc8ee565e4372" client_id: "294790898041575" client_secret: "ce3f9f0362bbe5ab01dfc8ee565e4372" filename: some_file.md