Skip to main content

Slack App Token

Description

General

  • Documentation: https://api.slack.com, https://api.slack.com/authentication/token-types
  • Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. This detector focuses on catching Slack application tokens as they allow to take certain actions at the app level across organizations.

Revoke the secret

To revoke the credentials:

  1. Go to the App dashboard
  2. Select the application related to the token
  3. In the "App-Level Tokens" section, click on the token to revoke, then the "Revoke" button.

Details for Slack App Token

  • Family: token

  • Category: messaging_system

  • Company: Slack

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.81

  • Prefixed: True

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /api/auth.test

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.