- Documentation: https://developer.squareup.com/reference/square
- Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payment products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching a pair of
client_secretcredentials used to authenticate during API calls and to grant accesss tokens. Another detector is available to detect Square access tokens.
- IPs allowlist: This feature is not mentionned in the documentation.
- Scopes: All pairs of
client_secrethave the same rights on a given account.
Credentials can be rotated from the application's dashboard.
This feature is not mentionned in the documentation.
Category: Payment system
High recall: True
Validity check available: True
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.09
- type: FilenameBanlistPreValidator banlist_extensions: - ^(cs|x|p|s|r)?html5?~?$ - ^[aps]?cssc?~?$ - ^lock$ - ^mdx?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames:  check_binaries: false- type: ContentWhitelistPreValidator patterns: - sq0idp-- type: ContentWhitelistPreValidator patterns: - sq0csp-
- text: "SQUAREUP_API_KEY = 'sq0idp-Y7WFLOjXXp00XXXp00_0_A' SQUAREUP_API_SECRET = 'sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0'" client_id: sq0idp-Y7WFLOjXXp00XXXp00_0_A client_secret: sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0