Behavior changes for posting messages with older tokens
Published: Thursday, May 19, 2016
Long ago, before we made generating your own tokens easy, a small number of enterprising users and developers scoured through client-side code to discover embedded user tokens and began posting messages and performing other skunkworks operations with them. We applaud this adventurous spirit!
Today we take the first step in retiring usage of these antiquated tokens, by changing their behavior when used to post messages through chat.postMessage.
These changes effect only outmoded tokens using chat.postMessage, which can be identified by their leading characters of xoxo- and xoxs-.
Instead of allowing the authoring identity to be altered using the username, icon_url, and icon_emoji parameters, messages posted with these outdated tokens will default to the original user's identity.
So if @jane uses these tokens in a script to post as @captain_janeway, posts will now be attributed to @jane. The tokens belong to @jane after all.
When it's happening:
Today — this change is effective immediately. These tokens are seldom used and the impact on teams and workflows should be minimal.