Skip to main content

Square Token

Description#

General#

  • Documentation: https://developer.squareup.com/reference/square
  • Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payments products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching short living access tokens that are issued using main credentials. Another detector is available to catch pairs of main credentials.
  • IPs allowlist: This feature is not mentionned in the documentation.
  • Scopes: Applications integrating with Square can be granted with various authorizations levels. The documentation details the OAuth process, and the list of available permissions can found in the "Permissions Reference" page of the documentation. An access token has the same level of access as the application it is tied to.

Revoke the secret#

An application can be revoked by the end-user himself revoking all OAuth tokens associated to it. The application can directly revoke all OAuth tokens issued from the Square dashboard, or using the API.

Check for suspicious activity#

This feature is not mentionned in the documentation.

Details for Square token#

  • Category: Payment system

  • Company: Square

  • High recall: True

  • Validity check available: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.4

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^(cs|x|p|s|r)?html5?~?$  - ^[aps]?cssc?~?$  - ^lock$  - ^mdx?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - sq0atp-

Examples#

- text: "Authorization: Bearer sq0atp-galzvO-5aJ37J_yV-KO1oQ"  apikey: sq0atp-galzvO-5aJ37J_yV-KO1oQ- text: "sq0atp-NgXnwnDdVQr2du0O2MAieg"  apikey: sq0atp-NgXnwnDdVQr2du0O2MAieg