Skip to main content

Square Token

Description

General

  • Documentation: https://developer.squareup.com/reference/square
  • Summary: Square is a financial service, merchant services aggregator, and mobile payment company. It markets software and hardware payments products. Square APIs enable to accept payments securely and to integrate applications with the solution. This detector aims at catching short living access tokens that are issued using main credentials. Another detector is available to catch pairs of main credentials.

Revoke the secret

An application can be revoked by the end-user himself revoking all OAuth tokens associated to it. The application can directly revoke all OAuth tokens issued from the Square dashboard, or using the API.

Details for Square Access Token

  • Family: token

  • Category: payment_system

  • Company: Square

  • High recall: True

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.4

  • Prefixed: True

Details for square_token_v2

  • Family: token

  • Category: payment_system

  • Company: Square

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.4

  • Prefixed: False

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: True
  • Total network call count: 1
  • Total call count may vary: False

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • POST: /oauth2/token/status

Other Calls

Non-HTTP queries or HTTP calls made through a third-party app (e.g., Python package). No other calls for this analyzer.