Installation & permissions

What do arcade games and Slack APIs have in common? Sure, they're both fun—but to use them, you'll need a token.

Like the pinball machines of days past and present, Slack API endpoints don't let just anyone play. In an arcade, your token proves you obtained permission to play. In your Slack app, your token proves that your app has obtained permission to call an API method.

Whenever you build an app, you'll start by obtaining an access token.

Begin with basic app setup

Select all the scopes you need, and none you don't, for your bot user.

Install your app on a single workspace.

Grab a token through the friendly App Management UI.

An unfurled file in a Slack client
The app management scopes page

Level up with a new OAuth flow

Request specific scopes for your bot user on each workspace, with each scope clearly explained to users.

Let users in any workspace install your app.

Read our guide to the new OAuth flow for Slack apps.

Beyond these two paths to installation, you'll also find oodles of reference material in this library:

Quickstart: what's new

Use this quickstart guide if you're already familiar with creating Slack apps, and simply want to see what's different for new apps.

Migration guide

Want a walkthrough on migrating a classic Slack app to use new, subtler permissions? Check out our migration guide.

Verifying requests from Slack

Verify that requests originating from Slack are trustworthy: check out our guide to verifying requests from Slack.

Reference: token types

See a list of token types, with both current and legacy types explained.

Reference: scopes

See a list of the scopes you can obtain, along with which token they belong with. With arcade games, certain games can only be played with certain tokens, and it's the same with the Slack API: some tokens may only access certain scopes.

About this page
Next steps