Authentication

The installation, permissions, and user security framework for Slack Platform

Installation

Creating an app

Learn how to create a modern Slack app that uses granular permissions.

Installing with OAuth

Use OAuth 2.0 to provide an installation flow that allows your apps to be added to any workspace, and distributed in the App Directory.

Permissions

Access tokens

Tokens are the keys to the Slack platform. Read about the different token types, and what each is best for.

Scopes

Use scopes to request permission from installers and users for access to data and functionality in apps.

Security

Token rotation

Provide an extra layer of security for your access tokens by expiring and regenerating them frequently, programmatically.

Verifying requests from Slack

Slack signs its requests using a secret that's unique to your app. With the help of signing secrets, your app can more confidently verify whether requests from us are authentic.

Best practices for security

How to care for your tokens, secrets, webhook URLs, and data.

Advanced guides

Sign in with Slack setup

Our OAuth-based sign-in flow uses the OpenID Connect protocol to let users sign into your service using Slack.

Differences between classic and modern Slack apps

Differences between classic Slack apps and new ones with more precise permissions.

Migration guide for classic Slack apps

Everything you need to know to migrate your classic Slack app to use a new fine-grained permission model.