Tokens are the keys to the Slack platform. They tie together all the scopes and permissions your app has obtained, allowing it to read, write, and interact. There are multiple types of tokens available. Each type is suited for different functionality, and certain scopes are unique to particular token types, as summarized in the table below:
Token | Description |
---|---|
Bot token | Bot tokens follow a granular permission model, so you request only the scopes you need. Refer to the quickstart guide for Slack apps to learn how to get one configured quickly. |
User token | User tokens allow you to work directly on behalf of users when necessary. |
Configuration token | Configuration tokens are per-workspace tokens used with App Manifest APIs to create and configure Slack apps. |
Service token | For workflow apps, service tokens are long-lived, non-rotatable user tokens that won't expire, so they can be used to perform any Slack CLI action without the need to refresh tokens. Refer to obtaining a service token to learn how to get one. |
App-level token | App-level tokens are used with specific APIs, which are related to the app across all organizations where the app is installed. |
Bot tokens represent a bot associated with an app installed in a workspace. Unlike user tokens, they're not tied to a user's identity; they're only tied to your app. Since acting independently allows your app to stay installed even when an installing user is deactivated, using bot tokens is usually for the best.
Bot token strings begin with `xoxb-`.
Workflow tokens are a subset of bot tokens. They cannot perform actions that require a user scope. They expire and need to be refreshed. Workflow token strings begin with `xwfp-`.
User tokens represent workspace members. They are issued for the user who installed the app and for users who authenticate the app. When your app asks for OAuth scopes, they are applied to user tokens (for example, `channels:history` grants a user token access to `conversations.history` for any public channel). You can use these tokens to take actions on behalf of users.
User token strings begin with `xoxp-`.
Both configuration and service tokens are also tied to a user logged into Slack.
App configuration tokens (or config tokens for short) are solely used to create and configure Slack apps using our App Manifest APIs. Each configuration token is unique to a user and a workspace, but not an app. This means you can manage the configuration of any of your apps in a single development workspace, with just one config token.
Service tokens can only be used by workflow apps.
Service tokens won't expire, so they can be used to perform any Slack CLI action without the need to refresh tokens.
App-level tokens represent your app across organizations, including installations by all individual users on all workspaces in a given organization.
App-level token strings begin with `xapp-`.
For posterity, here is a list of tokens that are no longer supported or recommended for use.
These bot tokens, obtained through an older OAuth flow, should only be used in special cases, such as connecting to the now-deprecated Real Time Messaging (RTM) API.
`bot` scope with many different permissions included within it. We have now moved away from this umbrella permission model, and instead recommend you use newer, granular bot tokens. Newer platform features will no longer be supported with the legacy bot token.
`bot` requested during the OAuth installation flow have no effect on the legacy bot token.
`auth.revoke` does not uninstall the bot user. A new token may be obtained via OAuth or, for internal integrations, your app management console.
Legacy workspace apps have been fully deprecated as of August 2021. Don't use this token type for new apps.
These tokens were associated with legacy custom integrations and early Slack integrations requiring an ambiguous "API token." They were generated using the legacy token generator, and are no longer recommended for use.
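
The token prefixes listed on this page (`xoxb-`, `xwfp-`, `xoxp-`, `xapp-`) make it possible to spot tokens that have leaked into logs or configuration files. The following is an added example, not Slack's own code: a small scanner that classifies candidate tokens by prefix and redacts them. The token body pattern, the function names, and the sample log are assumptions constructed for illustration.

```python
import re

# Prefixes and properties as stated on this page.
TOKEN_TYPES = {
    "xoxb-": ("bot", "tied to the app, not to a user's identity"),
    "xwfp-": ("workflow", "subset of bot tokens; expires and must be refreshed"),
    "xoxp-": ("user", "acts on behalf of a workspace member"),
    "xapp-": ("app-level", "represents the app across organizations"),
}

# Assumption: the token body is a run of letters, digits and hyphens.
# The page documents only the prefixes, not the body format.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9])(xoxb-|xwfp-|xoxp-|xapp-)[A-Za-z0-9-]{8,}"
)


def find_tokens(text):
    """Return (line_number, token_type, note) for each candidate token."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            kind, note = TOKEN_TYPES[match.group(1)]
            findings.append((lineno, kind, note))
    return findings


def redact(text):
    """Replace each token body with a marker, keeping the prefix for triage."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "[REDACTED]", text)


# Constructed sample input: these are not real tokens.
SAMPLE_LOG = """\
2024-01-01 deploy: SLACK_BOT_TOKEN=xoxb-000000000000-EXAMPLEEXAMPLE
2024-01-01 debug: Authorization: Bearer xoxp-000000000000-EXAMPLEEXAMPLE
2024-01-01 info: connection opened using xapp-0-EXAMPLE-000000-constructed
2024-01-01 info: step ran with xwfp-000000000000-EXAMPLE
2024-01-01 info: the prefix xoxb- alone is not a token
"""

if __name__ == "__main__":
    for lineno, kind, note in find_tokens(SAMPLE_LOG):
        print(f"line {lineno}: {kind} token ({note})")
    print(redact(SAMPLE_LOG))
```

Keeping the prefix in the redacted output lets a responder see which kind of token was exposed without the secret itself remaining in the log.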