Shopify Generic App Token
Description
General
- Documentation: https://shopify.dev/api/admin-rest
- Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A public (or custom) application allows to integrate third-party web services with a Shopify store. This detector can catch leaked access tokens for generic apps, but cannot check their validity. Another detector can detect both the token and its associated Shopify subdomain, and verify their validity.
- IPs allowlist: This is not mentioned in the documentation.
- Scopes: The scope of each key depends on the rights associated with the related app.
Revoke the secret
Revocation and rotation of API keys is done with a specific workflow described in this documentation.
Check for suspicious activity
This feature is not mentioned in the documentation.
Details for Shopify generic app token
Family: Api
Category: E-commerce
Company: Shopify
High recall: True
Validity check available: False
Minimum number of matches: 1
Occurrences found for one million commits: 6.28
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- shp(ca|at|tka)_[a-f0-9]{32}
Examples
- text: |
shopify_app_secret: "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"
token: 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
Was this page helpful?
