Skip to main content

Salesforce Refresh Tokens



  • Documentation:
  • Summary: Salesforce provides customer relationship management services. Its APIs enable to add functionality with third party application. A token is given when a user authorizes an app. It expires after some time and can be renewed with the refresh token. This detector finds these latter refresh tokens.
  • IPs allowlist: This feature is not supported.
  • Scopes: Yes. Each APIs has its set of permissions.

Revoke the secret#

The user can revoke the credentials in the web application.

Check for suspicious activity#

This feature is not supported.

Details for Salesforce refresh tokens#

  • Family: Api

  • Category: CRM

  • Company: Salesforce

  • High recall: True

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 1.23

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator  patterns:  - 5aep861


- text: >    String refresh_token = "5Aep861..zRMyCurAUqXuPX5uJN1Yk7ghc6h4Cv7m6IPMhhMvOivwnD7dLeOFes5eM6el.JJ8pgW8h3tTQ3gnrr";    String access_token = "00D6F000002Tjy4!AQgAQK9zwJVvIAe2jK0Gd1SAhMTh0GCfrNk7QKAoSqjmlXwR71qctjLAyH.3itQcVKbspfGOdgazIk7oSwWniS0wxmhUj0Bs";  refresh_token: 5Aep861..zRMyCurAUqXuPX5uJN1Yk7ghc6h4Cv7m6IPMhhMvOivwnD7dLeOFes5eM6el.JJ8pgW8h3tTQ3gnrr  access_token: 00D6F000002Tjy4!AQgAQK9zwJVvIAe2jK0Gd1SAhMTh0GCfrNk7QKAoSqjmlXwR71qctjLAyH.3itQcVKbspfGOdgazIk7oSwWniS0wxmhUj0Bs