Slack Configuration Token

Description

General

• Documentation: https://api.slack.com
• Summary: Slack is a business communication platform. App configuration tokens are used to create and configure Slack apps using Slack API. Each configuration token can manage the configuration of any of the apps in a development workspace. Configuration tokens expire 12 hours after being generated. To continually rotate config tokens, a refresh token is also provided.
• IPs allowlist: Slack's internal integrations support IPs allowlisting and will limit a token's usage to a given set of IP addresses if enforced. See allowlisting documentation for more details.
• Scopes: Configuration tokens are unique to a user and a workspace, but not an app.

Revoke the secret

Tokens can be revoked in the Managing Configuration Tokens section of the Slack API docs, or by using the auth.revoke API route. See revocation documentation for more details.

Check for suspicious activity

Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.

Details for Slack configuration token

• Family: Api

• Category: Messaging system

• Company: Slack

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 0.3

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - xoxe\.xox[pb]-

Examples

- text: |
    access_token1: "xoxe.xoxb-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111"
  apikey: xoxe.xoxb-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

- text: |
    access_token1: "xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111"
  apikey: xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

# Fat-fingered secret
- text: Xxoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111
  apikey: xoxe.xoxp-1-Mi0yLTM0MTQwNDE0MDE3Ni0zNjU5NDY0Njg4MTctNTE4MjA3NTQ5NjA4MC01NDEyOTYyODY5NzUxLThhMTBjZmI1ZWIzMGIwNTg0ZDdmMDI5Y2UxNzVlZWVhYzU2ZWQyZTZiODNjNDZiMGUxMzRlNmNjN1111111111

Was this page helpful?