Slack App Token

Description

General

• Documentation: https://api.slack.com, https://api.slack.com/authentication/token-types
• Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. This detector focuses on catching Slack application tokens as they allow to take certain actions at the app level across organizations.
• IPs allowlist: IP allowlisting is supported only for internal application integrations. Read this documentation for more details.
• Scopes: Specific scopes can be attributed to the token during the token creation process.

Revoke the secret

To revoke the credentials:

1. Go to the App dashboard
2. Select the application related to the token
3. In the "App-Level Tokens" section, click on the token to revoke, then the "Revoke" button.

Check for suspicious activity

Monitoring suspicious activity of keys is not mentioned in Slack's documentation.

Details for Slack app token

• Family: Api

• Category: Messaging system

• Company: Slack

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.81

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - xapp-

Examples

- text: 'headers={"Authorization": f"Bearer xapp-1-IEMF8IMY1OQ-4037076220459-85c370b433e366de369c4ef5abdf41253519266982439a75af74a3d68d543fb6"}'
  apikey: xapp-1-IEMF8IMY1OQ-4037076220459-85c370b433e366de369c4ef5abdf41253519266982439a75af74a3d68d543fb6
- text: MY_SLACK_TOKEN = 'xapp-1-BM3V7LC51DA-1441525068281-86641a2582cd0903402ab523e5bcc53b8253098c31591e529b55b41974d2e82f'
  apikey: xapp-1-BM3V7LC51DA-1441525068281-86641a2582cd0903402ab523e5bcc53b8253098c31591e529b55b41974d2e82f

Was this page helpful?