Clockwork Key

Description

General

• Documentation: https://www.clockworksms.com/doc/
• Summary: Clockwork SMS offers a service to send and receive SMS from an application. They provide an API, and various wrapper to interact with it. The authentication method relies on an API key that needs to be attached to every call.
• IPs allowlist: Clockwork SMS mentions IP allowlisting in their security documentation
• Scopes: Associating scopes to API key is not specified in the documentation.

Revoke the secret

The procedure to revoke the API key is not specified in the documentation.

Check for suspicious activity

Checking for suspicious activity is not mentioned in the documentation.

Details for Clockwork SMS Key

• Family: token

• Category: messaging_system

• Company: Clockwork

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: False

• Only valid secrets raise an alert: True

• Minimum number of matches: 1

• Occurrences found for one million commits: very rare

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames:
    - Godeps
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - clockwork

Examples

- text: |
    clockwork api=3c3a8964368a3b10f8645dbde42abfbca980a2a3
  apikey: 3c3a8964368a3b10f8645dbde42abfbca980a2a3
- text: clockwork api=3c3a8964368a3b10f8645dbde42abfbca980a2a3

  apikey: 3c3a8964368a3b10f8645dbde42abfbca980a2a3