Skip to content

Data Types Reference (Scalars)

Escape scanners support 240 types of data (109 Low, 28 Medium, 103 High), named scalars. Here is a list of all the supported types.

Custom Data Types

To define your own Data Types (Scalars) and Payloads, check out the Custom Payloads documentation section.


Company Data Types

Name Description Sensitivity
business_type Business type
carrier carrier
department_name Department name
domain Domain name
key_kms key kms
mime_type mime type
organization Organization name
position Employee or Position Type
room Room type
website Website name

Date time Data Types

Name Description Sensitivity
date ISO 8601 date string
datetime ISO 8601 date and time string
duration Duration
month Month
time ISO 8601 time string
timestamp Timestamp
year Year

Finance Data Types

Name Description Sensitivity
bank bank name
bank_account International Bank Account Number
bank_card Credit Card Number
bitcoin Bitcoin address
card_type Card type or transation type
currency_code Currency Code ISO 4217
dash Dash address
ethereum Ethereum address
monero Monero address
shipping_method Shipping method
us_bank_account_number US Bank Account Number
us_bank_routing_number US Bank Routing Number
us_zip_code US ZIP Code

Hash Data Types

Name Description Sensitivity
base64 base64 hash
bcrypt bCrypt hash
commit_hash Commit Hash
hash Block hash
md5 MD5 hash
sha1 SHA1 hash
sha256 SHA256 hash

Payload Data Types

Name Description Sensitivity
unsanitized_payload Unsanitized Payload

Personal Data Types

Name Description Sensitivity
body_type body type
credit_card_number Credit Card Number
document_type Document type
driving_license Driving License Number
email Email
french_phone Phone Number
gender Gender
identity_number identity number
legal_name Full legal name
passport Passport Number
password Password
phone Phone Number
social_security_number social security number
username Username
vehicle_type Vehicle type

Primitives Data Types

Name Description Sensitivity
id Identifier

Saas Data Types

Name Description Sensitivity
amount Amount
application Application or Product Name
author author name
category Classification or grouping label for items or content
coupon_code coupon code
delivery_method Delivery method
discount Discount
e_commerce_indicator e-Commerce Indicator
event_type Event type
fee fee
form Form identifier or type
html_body HTML body
isbn International Standard Book Number
item Individual item identifier, used in e-commerce or inventories
join Joining or membership option
merchant merchant name
navigation Page number or name in a series or navigation
permission permission
plan Plan or subscrption type
policy policy name
price Price
reference Reference identifier, often used in tracking or linking
role member type
search Search parameter for text or keyword search in applications
serial_number serial number
status status
status_message Status, error message and additional info
title Title or heading, often used in articles, books or web pages
view View mode or perspective, often used in user interfaces

Secrets Data Types

Name Description Sensitivity
adobe_client_id Detected a pattern that resembles an Adobe OAuth Web Client ID, posing a risk of compromised Adobe integrations and data breaches.
adobe_client_secret Discovered a potential Adobe Client Secret, which, if exposed, could allow unauthorized Adobe service access and data manipulation.
age_secret_key Discovered a potential Age encryption tool secret key, risking data decryption and unauthorized access to sensitive information.
algolia_api_key Identified an Algolia API Key, which could result in unauthorized search operations and data exposure on Algolia-managed platforms.
alibaba_access_key_id Detected an Alibaba Cloud AccessKey ID, posing a risk of unauthorized cloud resource access and potential data compromise.
alibaba_secret_key Discovered a potential Alibaba Cloud Secret Key, potentially allowing unauthorized operations and data access within Alibaba Cloud.
asana_client_id Discovered a potential Asana Client ID, risking unauthorized access to Asana projects and sensitive task information.
asana_client_secret Identified an Asana Client Secret, which could lead to compromised project management integrity and unauthorized access.
atlassian_api_token Detected an Atlassian API token, posing a threat to project management and collaboration tool security and data confidentiality.
aws_access_token Identified a pattern that may indicate AWS credentials, risking unauthorized cloud resource access and data breaches on AWS platforms.
aws_mws_id Amazon Marketplace Web Service identifier
beamer_api_token Detected a Beamer API token, potentially compromising content management and exposing sensitive notifications and updates.
bitbucket_client_id Discovered a potential Bitbucket Client ID, risking unauthorized repository access and potential codebase exposure.
bitbucket_client_secret Discovered a potential Bitbucket Client Secret, posing a risk of compromised code repositories and unauthorized access.
clojars_api_token Uncovered a possible Clojars API token, risking unauthorized access to Clojure libraries and potential code manipulation.
contentful_delivery_api_token Discovered a Contentful delivery API token, posing a risk to content management systems and data integrity.
databricks_api_token Uncovered a Databricks API token, which may compromise big data analytics platforms and sensitive data processing.
datadog_access_token Detected a Datadog Access Token, potentially risking monitoring and analytics data exposure and manipulation.
digitalocean_pat Discovered a DigitalOcean Personal Access Token, posing a threat to cloud infrastructure security and data privacy.
doppler_api_token Discovered a Doppler API token, posing a risk to environment and secrets management security.
dropbox_api_token Identified a Dropbox API secret, which could lead to unauthorized file access and data breaches in Dropbox storage.
dropbox_long_lived_api_token Found a Dropbox long-lived API token, risking prolonged unauthorized access to cloud storage and sensitive data.
dropbox_short_lived_api_token Discovered a Dropbox short-lived API token, posing a risk of temporary but potentially harmful data access and manipulation.
duffel_api_token Uncovered a Duffel API token, which may compromise travel platform integrations and sensitive customer data.
dynatrace_api_token Detected a Dynatrace API token, potentially risking application performance monitoring and data exposure.
easypost_api_token Identified an EasyPost API token, which could lead to unauthorized postal and shipment service access and data exposure.
easypost_test_api_token Detected an EasyPost test API token, risking exposure of test environments and potentially sensitive shipment data.
etsy_access_token Found an Etsy Access Token, potentially compromising Etsy shop management and customer data.
facebook Discovered a Facebook Access Token, posing a risk of unauthorized access to Facebook accounts and personal data exposure.
fastly_api_token Uncovered a Fastly API key, which may compromise CDN and edge cloud services, leading to content delivery and security issues.
finicity_api_token Detected a Finicity API token, potentially risking financial data access and unauthorized financial operations.
finicity_client_secret Identified a Finicity Client Secret, which could lead to compromised financial service integrations and data breaches.
flickr_access_token Discovered a Flickr Access Token, posing a risk of unauthorized photo management and potential data leakage.
flutterwave_encryption_key Uncovered a Flutterwave Encryption Key, which may compromise payment processing and sensitive financial information.
flutterwave_secret_key Identified a Flutterwave Secret Key, risking unauthorized financial transactions and data breaches.
frameio_api_token Found a Frame.io API token, potentially compromising video collaboration and project management.
gcp_api_key Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches.
generic_api_key Token
geocodio Geocodio API key
github_app_token Identified a GitHub App Token, which may compromise GitHub application integrations and source code security.
github_fine_grained_pat Found a GitHub Fine-Grained Personal Access Token, risking unauthorized repository access and code manipulation.
github_oauth Discovered a GitHub OAuth Access Token, posing a risk of compromised GitHub account integrations and data leaks.
github_pat Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.
github_refresh_token Detected a GitHub Refresh Token, which could allow prolonged unauthorized access to GitHub services.
gitlab_pat Identified a GitLab Personal Access Token, risking unauthorized access to GitLab repositories and codebase exposure.
gitlab_rrt Discovered a GitLab Runner Registration Token, posing a risk to CI/CD pipeline integrity and unauthorized access.
grafana_api_key Identified a Grafana API key, which could compromise monitoring dashboards and sensitive data analytics.
grafana_service_account_token Discovered a Grafana service account token, posing a risk of compromised monitoring services and data integrity.
graphcms API key for accessing GraphCMS API
hashicorp_tf_api_token Uncovered a HashiCorp Terraform user/org API token, which may lead to unauthorized infrastructure management and security breaches.
heroku_api_key Detected a Heroku API Key, potentially compromising cloud application deployments and operational security.
hubspot_api_key Found a HubSpot API Token, posing a risk to CRM data integrity and unauthorized marketing operations.
instagram_oauth Instagram OAuth token identifier
intercom_api_key Identified an Intercom API Token, which could compromise customer communication channels and data privacy.
ipstack_token unique identifier and access token for using IPStack's services.
jfrog_api_key Found a JFrog API Key, posing a risk of unauthorized access to software artifact repositories and build pipelines.
jiratoken Jiratoken is an API key used for authentication and access control in Jira, a project management and issue tracking platform. It provides access to various functionality such as creating, updating, and managing issues, creating and updating projects, and managing user permissions.
jwt JSON Web Token
launchdarkly_access_token Uncovered a Launchdarkly Access Token, potentially compromising feature flag management and application functionality.
linear_api_key Detected a Linear API Token, posing a risk to project management tools and sensitive task data.
linear_client_secret Identified a Linear Client Secret, which may compromise secure integrations and sensitive project management data.
linkedin_client_secret Discovered a LinkedIn Client secret, potentially compromising LinkedIn application integrations and user data.
lob_api_key Uncovered a Lob API Key, which could lead to unauthorized access to mailing and address verification services.
mailchimp_api_key Identified a Mailchimp API key, potentially compromising email marketing campaigns and subscriber data.
mailgun_private_api_token Found a Mailgun private API token, risking unauthorized email service operations and data breaches.
mailgun_signing_key Uncovered a Mailgun webhook signing key, potentially compromising email automation and data integrity.
messagebird_api_token Found a MessageBird API token, risking unauthorized access to communication platforms and message data.
microsoft_teams_webhook Uncovered a Microsoft Teams Webhook, which could lead to unauthorized access to team collaboration tools and data leaks.
netlify_access_token Detected a Netlify Access Token, potentially compromising web hosting services and site management.
new_relic_user_api_id Found a New Relic user API ID, posing a risk to application monitoring services and data integrity.
npm_access_token Uncovered an npm access token, potentially compromising package management and code repository access.
okta_access_token Identified an Okta Access Token, which may compromise identity management services and user authentication data.
openai_api_key Found an OpenAI API Key, posing a risk of unauthorized access to AI services and data manipulation.
paypaloauth Paypaloauth is an API key used for PayPal's authentication process.
planetscale_api_token Identified a PlanetScale API token, potentially compromising database management and operations.
planetscale_password Discovered a PlanetScale password, which could lead to unauthorized database operations and data breaches.
postman_api_token Uncovered a Postman API token, potentially compromising API testing and development workflows.
private_key Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.
pubnubpublishkey The PubNub Publish Key is used to authenticate and authorize the publisher to send messages using PubNub's messaging service.
pulumi_api_token Found a Pulumi API token, posing a risk to infrastructure as code services and cloud resource management.
pypi_upload_token Discovered a PyPI upload token, potentially compromising Python package distribution and repository integrity.
rubygems_api_token Identified a Rubygem API token, potentially compromising Ruby library distribution and package management.
sendgrid_api_token Detected a SendGrid API token, posing a risk of unauthorized email service operations and data exposure.
sendinblue_api_token Identified a Sendinblue API token, which may compromise email marketing services and subscriber data privacy.
sentry_access_token Found a Sentry Access Token, risking unauthorized access to error tracking services and sensitive application data.
shippo_api_token Discovered a Shippo API token, potentially compromising shipping services and customer order data.
shopify_access_token Uncovered a Shopify access token, which could lead to unauthorized e-commerce platform access and data breaches.
shopify_custom_access_token Detected a Shopify custom access token, potentially compromising custom app integrations and e-commerce data security.
shopify_private_app_access_token Identified a Shopify private app access token, risking unauthorized access to private app data and store operations.
shopify_shared_secret Found a Shopify shared secret, posing a risk to application authentication and e-commerce platform security.
sidekiq_secret Discovered a Sidekiq Secret, which could lead to compromised background job processing and application data breaches.
slack_bot_token Identified a Slack Bot token, which may compromise bot integrations and communication channel security.
slack_legacy_workspace_token Identified a Slack Legacy Workspace token, potentially compromising access to workspace data and legacy features.
slack_user_token Found a Slack User token, posing a risk of unauthorized user impersonation and data access within Slack workspaces.
slack_webhook_url Discovered a Slack Webhook, which could lead to unauthorized message posting and data leakage in Slack channels.
stripe_access_token Stripe private token
sumologic_access_token Uncovered a SumoLogic Access Token, which could lead to unauthorized access to log data and analytics insights.
thinkific Thinkific API key
twilio_api_key Found a Twilio API Key, posing a risk to communication services and sensitive customer interaction data.
twitch_api_token Discovered a Twitch API token, which could compromise streaming services and account integrations.
twitter_api_key Identified a Twitter API Key, which may compromise Twitter application integrations and user data security.
typeform_api_token Uncovered a Typeform API token, which could lead to unauthorized survey management and data collection.
vault_service_token Identified a Vault Service Token, potentially compromising infrastructure security and access to sensitive credentials.
youtubeapikey This api key is used for accessing the YouTube API and provides access to various functionalities and data on the YouTube platform.
zendesk_secret_key Detected a Zendesk Secret Key, risking unauthorized access to customer support services and sensitive ticketing data.

Technology Data Types

Name Description Sensitivity
authentication authentication
authorization_code authorization code
bearer Bearer
bearer_uuid Bearer with UUID
boolean_wannabe Looks like a boolean but not a boolean
command Command input, often used in interfaces that accept system commands
confirmation_code confirmation code
content_type Content Type
cuid Globally Unique Identifier
device_name Device name
device_type Device type
did Decentralized Identifiers
directory Disk or URL Path or Directory
environment Environment parameter for specifying the deployment or operation environment
file File name
func Functional command or method call in applications
hex_color_code Hex Color Code
hexadecimal Hexadecimal
host Host name (IP or DNS)
hsl Hue, Saturation, Lightness
hsla Hue, Saturation, Lightness, Alpha
http_method http method
ipc_patent IPC Patent
ipv4 IPv4 address
ipv6 IPv6 address
json JSON string
language_iso_639_1 Language
language_iso_639_2 Language ISO 639-2
limit Limit number
llm_input Potential LLM input
locale BCP 47 Locale
mac Mac Address
mask Mask Pattern
mongo_db_object_id Mongo DB Object ID
offset Start offset number
pin_code Pin Code
port Port number
protocol Protocol
reason_code reason code
return_type Return type
rgb RGB Color Code
rgba RGBA Color Code
secret Secret
slug Slug or identifier in forums or message boards
software_component Software or library name
ssh_url SSH URL
status_code Status Code
uri A URI as defined by RFC 1738
url A URL as defined by RFC 1738
user_agent user agent
uuid Universally Unique Identifier
version Semver