Shopify Generic App Token With Subdomain
- Documentation: https://shopify.dev/api/admin-rest
- Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A public (or custom) application allows to integrate third-party web services with a Shopify store. This detector focuses on detecting couples composed of a shopify subdomain along with its associated token, and also checks their validity. Another detector is available to catch solely the access token, without the ability to check its validity.
- IPs allowlist: This is not mentioned in the documentation.
- Scopes: Tokens have different scopes. It is possible to choose which scopes to grant the tokens when creating them.
Revoke the secret
Revocation and rotation of API keys is done with a specific workflow described in this documentation.
Check for suspicious activity
This feature is not mentioned in the documentation.
Shopify generic app token subdomain
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 1.76
- type: ContentWhitelistPreValidator
- text: |