WeChat App Keys

Description

General

Documentation: https://open.weixin.qq.com/?lang=en
Summary: WeChat is a Chinese multi-purpose messaging, social media and mobile payment application. It provides a variety of APIs to integrate with its services. This detector aims at catching accounts credentials.
IPs allowlist: This feature is not mentioned in the documentation.
Scopes: WeChat has two types of account, subscription accounts and service accounts. They don't have access to the same range of features.

Revoke the secret

Credentials can be managed from the developer's console, under function/advanced/developer mode.

Check for suspicious activity

This feature is not mentioned in the documentation.

Details for `Wechat keys`

Family: Api
Category: Messaging system
Company: Tencent
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 2
Occurrences found for one million commits: 186.54
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames:
    - ^rss/
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - wx[a-f0-9]{16}

Examples

- text: |
    wechatuser = wxce38d37295f770f0
    wechatkey = 8bdaebb9594bff61b28073d91213af23
  client_id: wxce38d37295f770f0
  client_secret: 8bdaebb9594bff61b28073d91213af23