Slack Configuration Refresh Token
Description
General
- Documentation: https://api.slack.com
- Summary: Slack is a business communication platform. Configuration tokens expire 12 hours after being generated. To continually rotate them, a refresh token is also provided. Using a refresh token will generate new configuration and refresh tokens.
- IPs allowlist: Slack's internal integrations support IPs allowlisting and will limit a token's usage to a given set of IP addresses if enforced. See allowlisting documentation for more details.
- Scopes: There is one refresh token per configuration token.
Revoke the secret
Tokens can be revoked in the Managing Configuration Tokens section of the Slack API docs, or by using the auth.revoke API route. See revocation documentation for more details.
Check for suspicious activity
Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.
Details for Slack configuration refresh token
Family: Api
Category: Messaging system
Company: Slack
High recall: True
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.43
Prefixed: True
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- xoxe-
Examples
- text: refresh_token1= "xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg21111111111"
apikey: xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg21111111111
# Fat-fingered secret
- text: Xxoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg21111111111
apikey: xoxe-1-My0xLTMxNzcwMjQ0MTcxMy01MTU4MTUyNjkxNzE0LTUxODE4NDI0MDY3MzYtMjA5MGFkOTFlZThkZWE2OGFlZDYwYWJjODNhYzAxYjA5ZjVmODBhYjgzN2QyNDdjOTNlOGY5NTg21111111111
