Skip to main content

Slack Bot Token

Description

General

  • Documentation: https://api.slack.com
  • Summary: Slack is a business communication platform. It supports the use of bots to automate some activities on channels. Bots can connect to the real time messaging API and post messages on their own behalf thanks to a bot token. They can also access a subset of API methods to better understand the channels, members, and messages received as part of its activities. Bot tokens are thus highly sensitive.

Revoke the secret

Tokens can be revoked using the auth.revoke API route. It is one of the few credentials that has this "auto revoke" feature. See revocation documentation for more details.

Details for Slack Bot Token

  • Family: token

  • Category: messaging_system

  • Company: Slack

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 5.52

  • Prefixed: True

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • GET: /api/auth.test

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.