Shopify Private App Token

Description

General

• Documentation: https://help.shopify.com/en/manual/apps/private-apps
• Summary: Shopify is an e-commerce company that offers online retailers a suite of services including payments, marketing, shipping and customer engagement tools to simplify the process of running an online store. A private application allows to integrate custom web services with a Shopify store, by associating credentials to a given scope over the Shopify API.
• IPs allowlist: This is not mentioned in the documentation.
• Scopes: Various scopes can be attributed to an application. Read the Access scopes page of the documentation for more details.

Revoke the secret

There doesn't seem to be a simple way to revoke this secret within an application. In order to revoke the secret, delete the private application, and create a new one with the same scopes.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for Shopify Private App Token

• Family: token

• Category: e_commerce

• Company: Shopify

• High recall: True

• Validity check available: False

• Analyzer available: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 1.81

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - shppa_[a-f0-9]{32}

Examples

- text: |
    shopify_app_secret: "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"
  token: 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

# Fat-fingered secret
- text: X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
  token: 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