Skip to main content

Webflow API Token



  • Documentation:

  • Summary: Webflow is a CMS for building websites, aimed at designers, editors and developers both.
    As third-party apps can also be used to create content, they need to be authorized via access tokens. This detector aims at catching these tokens.

  • IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.

  • Scopes: Access tokens are scoped at creation time. The list of scopes is available in the developer's docs.

Revoke the secret

API tokens can be revoked using a dedicated API endpoint.

Check for suspicious activity

As of the time of writing this documentation, this feature is not yet supported.

Details for Webflow api token

  • Family: Api

  • Category: E-commerce

  • Company: Webflow

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: very rare

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
- webflow


- text: |
apikey: 1b8922a501f99c4f580a7a66f06c799663bf3fb6c40c5bb77b463507355f6aca
- text: |
var WebflowToken = "6dced368b733d5701da04f7703837bd22538137eff82efbcfe202c7a45feb697"
apikey: 6dced368b733d5701da04f7703837bd22538137eff82efbcfe202c7a45feb697
- text: |
apikey: e9b9f84dfc984d74f320075543ede0307a8dc95197192898f48f69cdc399d186
- text: |
# Webflow API access token
apikey: cff772dc69130159c3ac9f1aa5e7234c7d3d9e3358b386210c6a18daf228dc53

How can I help you ?