Shopify Generic App Token With Subdomain
Description
General
- Documentation: https://shopify.dev/api/admin-rest
- Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A public (or custom) application allows to integrate third-party web services with a Shopify store. This detector focuses on detecting couples composed of a shopify subdomain along with its associated token, and also checks their validity. Another detector is available to catch solely the access token, without the ability to check its validity.
Revoke the secret
Revocation and rotation of API keys is done with a specific workflow described in this documentation.
Details for Shopify Generic App Token With Subdomain
-
Family: token
-
Category: e_commerce
-
Company: Shopify
-
High recall: True
-
Validity check available: True
-
Analyzer available: True
-
On-premise instances exist: False
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 4.67
-
Prefixed: True
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed to capture metadata and not to function effectively.
- GET: /admin/oauth/access_scopes.json
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.