Description: The Slack API token provides you with a Slack API key. Much like the AWS API keys Canarytoken, you should leave these in private code repositories or on a developer's machine. An attacker who stumbles on this key will think they have unvetted access to your organisation's Slack. If they are used (for example using the Slack Web API), you will be alerted.

Note: These alerts can be delayed by up to 5 minutes. Please also be aware that multiple uses of these Slack API keys in quick succession by the same source IP will be ignored for up to an hour.

Follow the steps below to create a Slack API Key Canarytoken:

Step 1:

Step 2:

Select the Canarytokens tile.

Step 3:

Select the Slack API Key token from the list.

Step 4:

Over time, if you are using tokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the token was dropped. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.

Note: we chose "Slack API keys on Jim's Laptop" as the reminder

Step 5:

Copy the token and place it in its intended location.

Note: The Slack API key that is displayed can be copied into a credentials file. The file is formatted such that it looks like a file that someone might use to store API keys.

Alert:

An alert is triggered when the Slack API key is used.

You're done! ;-)

Search

How do I create an Slack API Key Canarytoken?