Skip to main content

Mattermost Personal Token

Description

General

  • Documentation: https://developers.mattermost.com/integrate/reference/personal-access-token/
  • Summary: Mattermost is an open-source messaging app. Tokens allow users to interact with the app. By default only admin users can create personal tokens, so they have full access to the account including System Admin privileges (see doc. Leaking a Mattermost admin personal token is a highly critical incident.
  • IPs allowlist: This feature is not available.
  • Scopes: Personal access tokens share the same permissions as the user.

Revoke the secret

Tokens can be revoked from the account setting or the system console. Token can also be temporarily deactivated.

Check for suspicious activity

Logs related to the token can be inspected in the system console.

Details for Mattermost personal token

  • Family: Api

  • Category: Messaging system

  • Company: Mattermost

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.13

  • Prefixed: False

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - mattermost

Examples

- text: "def mmsend(message,hasData,fpath): #mattermost
    SERVER_URL = 'http://oatcouture.tw:8065'
    mmKey = '9kih4c69v7bcpbgf174usrlgie'"
  host: http://oatcouture.tw:8065
  token: 9kih4c69v7bcpbgf174usrlgie

- text: 'service: mattermost
    url: https://mattermost.my-company.com
    personal_token: b957n67ahin90ba4f4dt14966v'
  host: https://mattermost.my-company.com
  token: b957n67ahin90ba4f4dt14966v

- text: "def fetchUsersFromMattermost do
    -	url = 'http://56.91.164.139:8065/api/v4/users'
    -	headers = [{'Authorization', 'Bearer jh7cgmr3tod5igzkavtwrhr5ia'}"
  host: http://56.91.164.139:8065
  token: jh7cgmr3tod5igzkavtwrhr5ia

- text: "mattermost_url = 'https://chat.coworkers.com/api/v4/users'
    headers = [{'Authorization', 'Bearer ih7kjnr4otd5igzroptwrhu6op'},
    {'Content-Type', 'application/json; charset=utf-8'}]"
  host: https://chat.coworkers.com
  token: ih7kjnr4otd5igzroptwrhu6op

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status