Legacy tokens are an old method of generating tokens for testing and development.
Because we strongly recommend you do not use legacy custom integrations anymore, you should instead use Slack apps to quickly generate tokens, without OAuth, by installing your app to your own team.
For testing and development, you can quickly and easily create a new Slack app and install it in two clicks.
Once it's installed, use the app's settings to progressively add the permission scopes you need for your testing.
Though we recommend that all legacy custom integrations should migrate to Slack apps, we also understand that some will still need to maintain older integrations. This section contains any information about using legacy tokens that is specific to the legacy implementation.
Use this tool to generate legacy tokens, if you must.
Legacy tokens are just for you. Never share legacy tokens with other users or applications. Do not publish Legacy tokens in public code repositories. Review token safety tips.
By creating a test API token, you agree to the Slack API Terms of Service.
Please log into your workspace and then reload this page to view your tokens.
Legacy tokens have the power of passwords, and should be treated with the same care. You should revoke them if they're not being used. Slack will automatically revoke any old tokens if unused for a long period of time.
Tokens generated with this tool will be associated with the currently signed in user and team.
The tokens will automatically be granted the following scopes:
identify- identifies your personal user information like name and team
read- allows this token to request data about channels, messages, team members, and more
post- allows this token to post content to your channels and perform other write actions like edit your profile
client- allows this token to connect to the real time streaming API and perform most actions your user account is capable of throughout the Slack service
admin- only attached if the current user is an admin for that team. Allows retrieval and modification of team-wide administrative information.
These tokens provide access to your private data and that of your team. Keep these tokens to yourself and do not share them with others. Tester tokens are not intended to replace OAuth 2.0 tokens.