rules:
  - name: Spotify Access Token
    id: kingfisher.spotify.1
    pattern: |
      (?xi)
      (?:spotify)
      (?:.|[\n\r]){0,32}?
      (?:TOKEN|ACCESS|SECRET|KEY|BEARER|AUTH)
      (?:.|[\n\r]){0,16}?
      \b
      (
        [A-Za-z0-9_-]{100,256}
      )
      \b
    pattern_requirements:
      min_digits: 3
    min_entropy: 4.0
    confidence: medium
    examples:
      - "SPOTIFY_ACCESS_TOKEN=BQDj7MZaK9hP2xLvN4tR8wY0fGcE3iAoU6sBnDk1mXpJqWrT5zVuHyOlCeFgAbKdIjMnPqRsTuVwXyZaBcDeFgHiJkLmNoPqRsTuVwXyZ12345"
      - 'spotify_token: "BQAf8kL2mN4pR6tV8xZ0bD2fH4jL6nP8rT0vX2zA4cE6gI8kM0oQ2sU4wY6aB8dF0hJ2lN4pR6tV8xZ0bD2fH4jL6nP8rT0vX2zA4cE6gI8k"'
    references:
      - https://developer.spotify.com/documentation/web-api/
    validation:
      type: Http
      content:
        request:
          method: GET
          url: "https://api.spotify.com/v1/me"
          headers:
            Authorization: "Bearer {{ TOKEN }}"
          response_matcher:
            - report_response: true
            - type: StatusMatch
              status: [200]