Slack Configuration Token

Description

General

Documentation: https://api.slack.com
Summary: Slack is a business communication platform. App configuration tokens are used to create and configure Slack apps using Slack API. Each configuration token can manage the configuration of any of the apps in a development workspace. Configuration tokens expire 12 hours after being generated. To continually rotate config tokens, a refresh token is also provided.
IPs allowlist: Slack's internal integrations support IPs allowlisting and will limit a token's usage to a given set of IP addresses if enforced. See allowlisting documentation for more details.
Scopes: Configuration tokens are unique to a user and a workspace, but not an app.

Revoke the secret

Tokens can be revoked in the Managing Configuration Tokens section of the Slack API docs, or by using the auth.revoke API route. See revocation documentation for more details.

Check for suspicious activity

Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.

Details for `Slack Configuration Token`

Family: token
Category: messaging_system
Company: Slack
High recall: True
Validity check available: True
Analyzer available: False
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 0.3
Prefixed: True
PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - xoxe\.xox[pb]-

Examples

- text: |
    access_token1: "xoxe.xoxb-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111"
  apikey: xoxe.xoxb-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

- text: |
    access_token1: "xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111"
  apikey: xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

# Fat-fingered secret
- text: Xxoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111
  apikey: xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

Slack Configuration Token

Description

General

Revoke the secret

Check for suspicious activity

Details for `Slack Configuration Token`

Examples

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Description​

General​

Revoke the secret​

Check for suspicious activity​

Details for Slack Configuration Token​

Examples​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

General

Revoke the secret

Check for suspicious activity

Details for `Slack Configuration Token`

Examples