Square Credentials
Description
General
- Documentation: https://developer.squareup.com/reference/square
- Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payment products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching a pair of
client_idandclient_secretcredentials used to authenticate during API calls and to grant access tokens. Another detector is available to detect Square access tokens. - IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: All pairs of
client_idandclient_secrethave the same rights on a given account.
Revoke the secret
Credentials can be rotated from the application's dashboard.
Check for suspicious activity
This feature is not mentioned in the documentation.
Details for Square credentials
-
Family: Api
-
Category: Payment system
-
Company: Square
-
High recall: True
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: True
-
Only valid secrets raise an alert: False
-
Minimum number of matches: 2
-
Occurrences found for one million commits: 0.09
-
Prefixed: True
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- sq0idp-
- type: ContentWhitelistPreValidator
patterns:
- sq0csp-
Examples
- text: "SQUAREUP_API_KEY = 'sq0idp-Y7WFLOjXXp00XXXp00_0_A'
SQUAREUP_API_SECRET = 'sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0'"
client_id: sq0idp-Y7WFLOjXXp00XXXp00_0_A
client_secret: sq0csp-WnMisBjD0DtEoYeM0ZK7Bi1_cXb0X0oRCN0djXcXXX0
