Slack User Token

Description

General

• Documentation: https://api.slack.com
• Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. Slack allows these applications to act directly on behalf of users in the communication channels by providing the applications with a user token after an OAuth2 authorization flow. This detector focuses on catching these Slack user tokens. GitGuardian also detects application keys.
• IPs allowlist: Slack's internal integrations support IPs allowlisting and will limit a token's usage to a given set of IP addresses if enforced. See allowlisting documentation for more details.
• Scopes: User tokens represent the same access a user has to a workspace: the channels, conversations, users, reactions, etc. they can see.

Revoke the secret

Tokens can be revoked using the auth.revoke API route. It is one of the few credentials that has this "auto revoke" feature. See revocation documentation for more details.

Check for suspicious activity

Monitoring suspicious activity of a given token is not mentioned in Slack's documentation.

Details for Slackusertoken

• Family: Api

• Category: Messaging system

• Company: Slack

• High recall: True

• Validity check available: True

• On-premise instances exist: False

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 3.45

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - xox[ps]-

Examples

- text: |
    token = "xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef"
  apikey: xoxp-41684372915-1320496754-45609968301-e708ba56e1517a99f6b5fb07349476ef
- text: |
    slack_old_token = "xoxs-416843729158-132049654-5609968301-e708ba56e1"
  apikey: xoxs-416843729158-132049654-5609968301-e708ba56e1

Was this page helpful?