Square Credentials

Description

General

• Documentation: https://developer.squareup.com/reference/square
• Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payment products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching a pair of client_id and client_secret credentials used to authenticate during API calls and to grant access tokens. Another detector is available to detect Square access tokens.
• IPs allowlist: This feature is not mentioned in the documentation.
• Scopes: All pairs of client_id and client_secret have the same rights on a given account.

Revoke the secret

Credentials can be rotated from the application's dashboard.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for Square credentials

• Family: Api

• Category: Payment system

• Company: Square

• High recall: True

• Validity check available: True

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 2

• Occurrences found for one million commits: 0.09

• Prefixed: True

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - sq0idp-
- type: ContentWhitelistPreValidator
  patterns:
    - sq0csp-

Examples

- text: "SQUAREUP_API_KEY = 'sq0idp-Y7WFLOjXXp00XXXp00_0_A'
    SQUAREUP_API_SECRET = 'sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0'"
  client_id: sq0idp-Y7WFLOjXXp00XXXp00_0_A
  client_secret: sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0