Description: The Slack API token provides you with a Slack API key. Much like the AWS API keys Canarytoken, you should leave these in private code repositories or on a developer's machine. An attacker who stumbles on this key will think they have unvetted access to your organisation's Slack. If they are used (for example using the Slack Web API), you will be alerted.

Note: These alerts can be delayed by up to 5 minutes. Please also be aware that multiple uses of these Slack API keys in quick succession by the same source IP will be ignored for up to an hour.

Follow the steps below to create a Slack API Key Canarytoken:

Step 1:

Console Login.png

Step 2:

Select the Canarytokens tile.

Step 3:

Select the Slack API Key token from the list.

CleanShot 2024-07-22 at 16.59.46@2x.png

Step 4:

Over time, if you are using tokens correctly, you will deploy thousands of them all over the place. Make sure that your Reminder is as descriptive as possible, and we will remind the future you of where the token was dropped. Nothing sucks more than having a token fire an alert that reads “test" - and not knowing where you placed it.

Note: we chose "Slack API keys on Jim's Laptop" as the reminder

CleanShot 2024-07-22 at 17.01.25@2x.png

Step 5:

Copy the token and place it in its intended location.

Note: The Slack API key that is displayed can be copied into a credentials file. The file is formatted such that it looks like a file that someone might use to store API keys.

CleanShot 2024-07-22 at 17.03.05@2x.png

Alert:

An alert is triggered when the Slack API key is used.

CleanShot 2024-07-22 at 17.07.15@2x.png

You're done! ;-)

Search

How do I create a Slack API Key Canarytoken?