Slack User Token
Description
General
- Documentation: https://api.slack.com
- Summary: Slack is a business communication platform. It offers chat rooms in the form of channels organized by topics as well as private groups and direct messaging. Users can create Slack applications to automate some actions in workspaces. Slack allows these applications to act directly on behalf of users in the communication channels by providing the applications with a user token after an OAuth2 authorization flow. This detector focuses on catching these Slack user tokens. GitGuardian also detects application keys.
Revoke the secret
Tokens can be revoked using the auth.revoke API route. It is one of the few credentials that have this "auto revoke" feature. See revocation documentation for more details.
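The revocation step above, combined with the auth.test call listed under HTTP Calls, as an added example (not GitGuardian's or Slack's own code). It records the owner and scopes of a leaked token, revokes it, then confirms the token no longer authenticates. Assumptions: the `ok`, `error`, `team`, `user` and `revoked` response fields and the `x-oauth-scopes` response header, as well as the hypothetical `LEAKED_SLACK_TOKEN` environment variable.

```python
import json
import os
import urllib.request

SLACK_API = "https://slack.com/api/"

def call(method, token):
    """GET a Slack Web API method; return (JSON body, x-oauth-scopes header)."""
    req = urllib.request.Request(
        SLACK_API + method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp), resp.headers.get("x-oauth-scopes", "")

def summarize_auth_test(body, scopes_header):
    """Reduce an auth.test response to what triage needs: validity, owner, scopes."""
    if not body.get("ok"):
        return {"valid": False, "error": body.get("error")}
    scopes = [s.strip() for s in scopes_header.split(",") if s.strip()]
    return {"valid": True, "team": body.get("team"),
            "user": body.get("user"), "scopes": scopes}

def revoke_and_confirm(token, transport=call):
    """Record what the token could do, revoke it, then prove it no longer works."""
    before = summarize_auth_test(*transport("auth.test", token))
    if not before["valid"]:
        return {**before, "revoked": False}  # already dead: nothing to revoke
    body, _ = transport("auth.revoke", token)
    after = summarize_auth_test(*transport("auth.test", token))
    # Trust the revocation only if Slack says so AND the token now fails auth.test.
    return {**before, "revoked": bool(body.get("revoked")) and not after["valid"]}

if __name__ == "__main__":
    # Hypothetical variable name; reading from the environment keeps the
    # leaked token out of shell history and process arguments.
    print(revoke_and_confirm(os.environ["LEAKED_SLACK_TOKEN"]))
```

Keep the returned team, user and scopes in the incident record: they show what the token could reach while it was exposed.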
Details for Slack User Token
- Family: token
- Category: messaging_system
- Company: Slack
- High recall: True
- Validity check available: True
- Analyzer available: True
- On-premise instances exist: False
- Only valid secrets raise an alert: False
- Minimum number of matches: 1
- Occurrences found for one million commits: 2.44
- Prefixed: True
Secret Analyzer
Analysis Method
- Provider allows scopes enumeration: True
- Total network call count: 1
- Total call count may vary: False
HTTP Calls
Requests are designed only to capture metadata about the token, not to perform any effective action.
- GET: /api/auth.test
Other Calls
Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.