The Slack API Canarytoken provides you with a Slack API key. Much like the AWS API keys Canarytoken, you should leave these in private code repositories or on a developer's machine. An attacker who stumbles on this key will think they have unvetted access to your organisation's Slack. If they are used (for example using the Slack Web API), you will be alerted.
These alerts can be delayed by up to 5 minutes. Please also be aware that multiple uses of these Slack API keys in quick succession by the same source IP will be ignored for up to an hour.
Follow the steps below to create a Slack API Key Canarytoken:
Step 1: Log in to your Console
Step 2: Select the Canarytokens tile
Step 3: Select API Key Canarytoken
Select the Slack API Key Canarytoken from the list.
Step 4: Set a reminder
Over time, if you are using Canarytokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the Canarytoken was dropped. Nothing sucks more than having a Canarytoken fire an alert that reads "test" — and not knowing where you placed it.
We chose Slack API keys on Jim's Laptop as the reminder.
Step 5: Use the Canarytoken
Copy the Canarytoken and place it in its intended location.
The Slack API key that is displayed can be copied into a credentials file. The file is formatted such that it looks like a file that someone might use to store API keys.
Alert
An alert is triggered when the Slack API key is used.