Skip to main content

Shopify Generic App Token With Subdomain

Description

General

  • Documentation: https://shopify.dev/api/admin-rest
  • Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A public (or custom) application allows to integrate third-party web services with a Shopify store. This detector focuses on detecting couples composed of a shopify subdomain along with its associated token, and also checks their validity. Another detector is available to catch solely the access token, without the ability to check its validity.

Revoke the secret

Revocation and rotation of API keys is done with a specific workflow described in this documentation.

Details for Shopify Generic App Token With Subdomain

  • Family: token

  • Category: e_commerce

  • Company: Shopify

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 4.67

  • Prefixed: True

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /admin/oauth/access_scopes.json

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.