Events will no longer contain full lists of authed_users or authed_teams

Published: Tuesday, September 22, 2020
Apps

Your app's events—received from the Events API—are changing.

Event payloads will no longer contain a full list of authed_users or authed_teams. These two fields will be deprecated. There'll be a new, compact field called authorizations to replace them—but authorizations will only contain at most one person or workspace that the event is visible to.

If you need a full list of all the parties an event is visible to, you'll call the apps.event.authorizations.list method.

The new, streamlined shape of events allows Slack to deliver them faster.

These changes to the Events API will take place on February 24, 2021. You'll be able to opt in to them earlier, on September 29, 2020, by going to your App Management page and selecting the checkbox under Event Subscription.

In order to get ready for the changes to authorizations, you can use the apps.event.authorizations.list method even without opting in to the new shape of events, starting September 29, 2020.

Read on for more details on what's changing and how to prepare.

Why are things changing?

Previously, the Events API included a full list of authed_users, and sometimes authed_teams, with every event.

These fields showed who the event is visible to. For example, if your app has been installed by two users in a workspace, and the app listens for the file_shared event, your app might receive an event with authed_users containing those two users.

Now, authed_users and authed_teams will be deprecated. Events will contain a single, compact authorizations field that shows one party that the event is visible to. In other words, lists of authorizations will be truncated to one element.

If there's more than one installing party that your app is keeping track of, it's best not to rely on the single party listed in authorizations to be any particular one. To get a full list of who can see events, read on to see how to call the apps.event.authorizations.list method.

These changes allow Slack to increase the performance of the Events API, delivering events faster.

What's changing

authed_users and authed_teams will be deprecated. Events will contain a single, compact authorizations field containing one party that the event is visible to.

If you require a full list of authorized users or workspaces, you'll be able obtain one with the help of the apps.event.authorizations.list method.

When you call that method, use the event_context paremeter, supplying the event_context you receive from an event payload.

The response from that method contains a list of authorizations:

  "authorizations": [
        {
            "enterprise_id": "E12345",
            "team_id": "T12345",
            "user_id": "U12345",
            "is_bot": false,
        }
  ],
  "cursor_next" => "string"

An important note: using the apps.event.authorizations.list method requires a separate, userless token.

The good news is that this token is easy to obtain. You can go to your App Management page, select your app, and you'll find an option to generate a token for this method under the App-Level Tokens section.

enterprise_id appears in an authorization when there's an entire enterprise organization that the event is visible to. There might be cases where only an enterprise_id, with no team_id, sis found in an authorization, depending on the event.

In order to get ready for the changes to authorizations, you can use the apps.event.authorizations.list method even without opting in to the new shape of events, starting September 29, 2020.

When is it changing?

These changes will take place on February 24, 2021. You can opt in to the new form of events early by going to the Events Subscriptions page.

Newly created apps are automatically opted into the new form of events: a single, truncated authorizations field with one authorization shown.

How should I prepare?

If you don't rely on the full list of authorizations included with an event, you don't need to do anything. Otherwise, get ready for the upcoming change by switching to the apps.event.authorizations.list method instead of checking the authed_users or authed_teams.

Talk to us with your concerns at feedback@slack.com.

Review other recent updates

Was this page helpful?