Shopify Generic App Token
#
Description#
General- Documentation: https://shopify.dev/api/admin-rest
- Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A public (or custom) application allows to integrate third-party web services with a Shopify store. This detector can catch leaked access tokens for generic apps, but cannot check their validity. Another detector can detect both the token and its associated Shopify subdomain, and verify their validity.
- IPs allowlist: This is not mentioned in the documentation.
- Scopes: The scope of each key depends on the rights associated with the related app.
#
Revoke the secretRevocation and rotation of API keys is done with a specific workflow described in this documentation.
#
Check for suspicious activityThis feature is not mentioned in the documentation.
Shopify generic app token
#
Details for Family: Api
Category: E-commerce
Company: Shopify
High recall: True
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 6.28
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator patterns: - shp(ca|at|tka)_[a-f0-9]{32}
#
Examples- text: | shopify_app_secret: "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" token: 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