- Documentation: https://developer.squareup.com/reference/square
- Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payment products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching a pair of
client_secretcredentials used to authenticate during API calls and to grant access tokens. Another detector is available to detect Square access tokens.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: All pairs of
client_secrethave the same rights on a given account.
#Revoke the secret
Credentials can be rotated from the application's dashboard.
#Check for suspicious activity
This feature is not mentioned in the documentation.
Category: Payment system
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.09
- type: ContentWhitelistPreValidator patterns: - sq0idp-- type: ContentWhitelistPreValidator patterns: - sq0csp-
- text: "SQUAREUP_API_KEY = 'sq0idp-Y7WFLOjXXp00XXXp00_0_A' SQUAREUP_API_SECRET = 'sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0'" client_id: sq0idp-Y7WFLOjXXp00XXXp00_0_A client_secret: sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0