Webflow API Token
Description
General
-
Documentation: https://docs.developers.webflow.com/reference
-
Summary: Webflow is a CMS for building websites, aimed at designers, editors and developers both.
As third-party apps can also be used to create content, they need to be authorized via access tokens. This detector aims at catching these tokens. -
IPs allowlist: As of the time of writing this documentation, this feature is not yet supported.
-
Scopes: Access tokens are scoped at creation time. The list of scopes is available in the developer's docs.
Revoke the secret
API tokens can be revoked using a dedicated API endpoint.
Check for suspicious activity
As of the time of writing this documentation, this feature is not yet supported.
Details for Webflow API token
-
Family: token
-
Category: e_commerce
-
Company: Webflow
-
High recall: False
-
Validity check available: True
-
Analyzer available: False
-
On-premise instances exist: False
-
Only valid secrets raise an alert: True
-
Minimum number of matches: 1
-
Occurrences found for one million commits: very rare
-
Prefixed: False
-
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- webflow
Examples
- text: |
WEBFLOW_API_TOKEN=1b8922a501f99c4f580a7a66f06c799663bf3fb6c40c5bb77b463507355f6aca
apikey: 1b8922a501f99c4f580a7a66f06c799663bf3fb6c40c5bb77b463507355f6aca
- text: |
var WebflowToken = "6dced368b733d5701da04f7703837bd22538137eff82efbcfe202c7a45feb697"
apikey: 6dced368b733d5701da04f7703837bd22538137eff82efbcfe202c7a45feb697
- text: |
API_TOKEN=e9b9f84dfc984d74f320075543ede0307a8dc95197192898f48f69cdc399d186
apikey: e9b9f84dfc984d74f320075543ede0307a8dc95197192898f48f69cdc399d186
- text: |
# Webflow API access token
API_TOKEN=cff772dc69130159c3ac9f1aa5e7234c7d3d9e3358b386210c6a18daf228dc53
apikey: cff772dc69130159c3ac9f1aa5e7234c7d3d9e3358b386210c6a18daf228dc53
