Skip to main content

Square Credentials

Description#

General#

  • Documentation: https://developer.squareup.com/reference/square
  • Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payment products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching a pair of client_id and client_secret credentials used to authenticate during API calls and to grant accesss tokens. Another detector is available to detect Square access tokens.
  • IPs allowlist: This feature is not mentionned in the documentation.
  • Scopes: All pairs of client_id and client_secret have the same rights on a given account.

Revoke the secret#

Credentials can be rotated from the application's dashboard.

Check for suspicious activity#

This feature is not mentionned in the documentation.

Details for Square credentials#

  • Category: Payment system

  • Company: Square

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.09

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - sq0idp-- type: ContentWhitelistPreValidator  patterns:  - sq0csp-

Examples#

- text: "SQUAREUP_API_KEY = 'sq0idp-Y7WFLOjXXp00XXXp00_0_A'    SQUAREUP_API_SECRET = 'sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0'"  client_id: sq0idp-Y7WFLOjXXp00XXXp00_0_A  client_secret: sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0