Installation & permissions
What do arcade games and Slack APIs have in common? Sure, they're both fun—but to use them, you'll need a token.
Like the pinball machines of days past and present, Slack API endpoints don't let just anyone play. In an arcade, your token proves you obtained permission to play. In your Slack app, your token proves that your app has obtained permission to call an API method.
Whenever you build an app, you'll start by obtaining an access token.
Begin with basic app setup
Select all the scopes you need, and none you don't, for your bot user.
Install your app on a single workspace.
Grab a token through the friendly App Management UI.
Level up with a new OAuth flow
Request specific scopes for your bot user on each workspace, with each scope clearly explained to users.
Let users in any workspace install your app.
Read our guide to the new OAuth flow for Slack apps.Beyond these two paths to installation, you'll also find oodles of reference material in this library:
Quickstart: what's new
Use this quickstart guide if you're already familiar with creating Slack apps, and simply want to see what's different for new apps.
Migration guide
Want a walkthrough on migrating a classic Slack app to use new, subtler permissions? Check out our migration guide.
Verifying requests from Slack
Verify that requests originating from Slack are trustworthy: check out our guide to verifying requests from Slack.
Reference: token types
See a list of token types, with both current and legacy types explained.
Reference: scopes
See a list of the scopes you can obtain, along with which token they belong with. With arcade games, certain games can only be played with certain tokens, and it's the same with the Slack API: some tokens may only access certain scopes.