Legacy: OAuth Permission scopes

OAuth scopes let you specify exactly how your app needs to access a Slack user's account. As an app developer, you specify your desired scopes in the initial OAuth authorization request. When a user is responding to your OAuth request, the requested scopes will be displayed to them when they are asked to approve your request.

Slack's system of OAuth permission scopes governs usage of Slack apps and their use of the Web API, Events API, RTM API, Slash Commands, and incoming webhooks.

Types of Scopes

Slack uses scopes that refer to the object they grant access to, followed by the class of actions on that object they allow (e.g. file:write). Additionally, some scopes have an optional perspective which is either user, bot, or admin, which influences how the action appears in Slack (e.g. chat:write:user will send a message from the authorizing user as opposed to your app).

The list of objects includes files, search, chat, and reactions, along with many other objects in Slack.

There are currently only three classes of action:

• read: Reading the full information about a single resource.
• write: Modifying the resource in any way e.g. creating, editing, or deleting.
• history: Accessing the message archive of channels, DMs, or private channels.

For example, to request access to the list of channels on a workspace and the ability to send messages to those channels as a bot, your app would request channels:read chat:write:bot.

OAuth Scopes to API methods

Learn even more detail about these OAuth scopes here.

OAuth Scope	Associated Methods
admin.analytics:read	admin.analytics.getFile
admin.app_activities:read	admin.apps.activities.list
admin.apps:read	admin.apps.approved.list admin.apps.config.lookup admin.apps.requests.list admin.apps.restricted.list
admin.apps:write	admin.apps.approve admin.apps.clearResolution admin.apps.config.set admin.apps.requests.cancel admin.apps.restrict admin.apps.uninstall
admin.barriers:read	admin.barriers.list
admin.barriers:write	admin.barriers.create admin.barriers.delete admin.barriers.update
admin.conversations:read	admin.conversations.ekm.listOriginalConnectedChannelInfo admin.conversations.getConversationPrefs admin.conversations.getCustomRetention admin.conversations.getTeams admin.conversations.lookup admin.conversations.restrictAccess.listGroups admin.conversations.search
admin.conversations:write	admin.conversations.archive admin.conversations.bulkArchive admin.conversations.bulkDelete admin.conversations.bulkMove admin.conversations.convertToPrivate admin.conversations.convertToPublic admin.conversations.create admin.conversations.delete admin.conversations.disconnectShared admin.conversations.invite admin.conversations.linkObjects admin.conversations.removeCustomRetention admin.conversations.rename admin.conversations.restrictAccess.addGroup admin.conversations.restrictAccess.removeGroup admin.conversations.setConversationPrefs admin.conversations.setCustomRetention admin.conversations.setTeams admin.conversations.unarchive admin.conversations.unlinkObjects
admin.invites:read	admin.inviteRequests.approved.list admin.inviteRequests.denied.list admin.inviteRequests.list
admin.invites:write	admin.inviteRequests.approve admin.inviteRequests.deny
admin.roles:read	admin.roles.listAssignments
admin.roles:write	admin.roles.addAssignments admin.roles.removeAssignments
admin.teams:read	admin.emoji.list admin.teams.admins.list admin.teams.list admin.teams.owners.list admin.teams.settings.info
admin.teams:write	admin.emoji.add admin.emoji.addAlias admin.emoji.remove admin.emoji.rename admin.teams.create admin.teams.settings.setDefaultChannels admin.teams.settings.setDescription admin.teams.settings.setDiscoverability admin.teams.settings.setIcon admin.teams.settings.setName admin.usergroups.addTeams
admin.usergroups:read	admin.usergroups.listChannels
admin.usergroups:write	admin.usergroups.addChannels admin.usergroups.removeChannels
admin.users:read	admin.auth.policy.getEntities admin.users.list admin.users.session.getSettings admin.users.session.list admin.users.unsupportedVersions.export
admin.users:write	admin.auth.policy.assignEntities admin.auth.policy.removeEntities admin.users.assign admin.users.invite admin.users.remove admin.users.session.clearSettings admin.users.session.invalidate admin.users.session.reset admin.users.session.resetBulk admin.users.session.setSettings admin.users.setAdmin admin.users.setExpiration admin.users.setOwner admin.users.setRegular
admin.workflows:read	admin.functions.list admin.functions.permissions.lookup admin.workflows.permissions.lookup admin.workflows.search
admin.workflows:write	admin.functions.permissions.set admin.workflows.collaborators.add admin.workflows.collaborators.remove admin.workflows.unpublish
app_configurations:read	apps.manifest.export functions.distributions.permissions.list
app_configurations:write	apps.manifest.create apps.manifest.delete apps.manifest.update apps.manifest.validate functions.distributions.permissions.add functions.distributions.permissions.remove functions.distributions.permissions.set
assistant:write	assistant.threads.setStatus assistant.threads.setSuggestedPrompts assistant.threads.setTitle
authorizations:read	apps.event.authorizations.list
bookmarks:read	bookmarks.list
bookmarks:write	bookmarks.add bookmarks.edit bookmarks.remove
calls:read	calls.info
calls:write	calls.add calls.end calls.participants.add calls.participants.remove calls.update
canvases:read	canvases.sections.lookup
canvases:write	canvases.access.delete canvases.access.set canvases.create canvases.delete canvases.edit conversations.canvases.create
channels:history	conversations.history conversations.replies
channels:join	conversations.join
channels:manage	channels.mark
channels:read	conversations.info conversations.list conversations.members users.conversations
channels:write	channels.mark conversations.archive conversations.close conversations.create conversations.externalInvitePermissions.set conversations.invite conversations.join conversations.kick conversations.leave conversations.mark conversations.open conversations.rename conversations.setPurpose conversations.setTopic conversations.unarchive team.externalTeams.disconnect
channels:write.invites	conversations.invite
channels:write.topic	conversations.setPurpose conversations.setTopic
chat:write	chat.delete chat.deleteScheduledMessage chat.meMessage chat.postEphemeral chat.postMessage chat.scheduleMessage chat.update
chat:write:bot	chat.delete chat.deleteScheduledMessage chat.postEphemeral chat.postMessage chat.scheduleMessage chat.update
chat:write:user	chat.delete chat.deleteScheduledMessage chat.postEphemeral chat.postMessage chat.scheduleMessage chat.update
connections:write	apps.connections.open
datastore:read	apps.datastore.bulkGet apps.datastore.count apps.datastore.get apps.datastore.query
datastore:write	apps.datastore.bulkDelete apps.datastore.bulkPut apps.datastore.delete apps.datastore.put apps.datastore.update
dnd:read	dnd.info dnd.teamInfo
dnd:write	dnd.endDnd dnd.endSnooze dnd.setSnooze
emoji:read	emoji.list
files:read	files.info files.list
files:write	files.comments.delete files.completeUploadExternal files.delete files.getUploadURLExternal files.revokePublicURL files.sharedPublicURL files.upload
files:write:user	files.comments.delete files.completeUploadExternal files.delete files.getUploadURLExternal files.revokePublicURL files.sharedPublicURL files.upload
groups:history	conversations.history conversations.replies
groups:read	conversations.info conversations.list conversations.members users.conversations
groups:write	conversations.archive conversations.close conversations.create conversations.externalInvitePermissions.set conversations.invite conversations.kick conversations.leave conversations.mark conversations.open conversations.rename conversations.setPurpose conversations.setTopic conversations.unarchive groups.mark team.externalTeams.disconnect
groups:write.invites	conversations.invite
groups:write.topic	conversations.setPurpose conversations.setTopic
hosting:read	apps.activities.list
identity.basic	users.identity
identity:read:user	users.identity
im:history	conversations.history conversations.replies
im:read	conversations.info conversations.list conversations.members im.list users.conversations
im:write	conversations.archive conversations.close conversations.create conversations.externalInvitePermissions.set conversations.invite conversations.kick conversations.leave conversations.mark conversations.open conversations.rename conversations.setPurpose conversations.setTopic conversations.unarchive im.mark team.externalTeams.disconnect
im:write.invites	conversations.invite
im:write.topic	conversations.setPurpose conversations.setTopic
links:write	chat.unfurl
mpim:history	conversations.history conversations.replies
mpim:read	conversations.info conversations.list conversations.members mpim.list users.conversations
mpim:write	conversations.archive conversations.close conversations.create conversations.externalInvitePermissions.set conversations.invite conversations.kick conversations.leave conversations.mark conversations.open conversations.rename conversations.setPurpose conversations.setTopic conversations.unarchive mpim.mark team.externalTeams.disconnect
mpim:write.invites	conversations.invite
mpim:write.topic	conversations.setPurpose conversations.setTopic
pins:read	pins.list
pins:write	pins.add pins.remove
reactions:read	reactions.get reactions.list
reactions:write	reactions.add reactions.remove
reminders:read	reminders.info reminders.list
reminders:write	reminders.add reminders.complete reminders.delete
remote_files:read	files.remote.info files.remote.list
remote_files:share	files.remote.share
remote_files:write	files.remote.add files.remote.remove files.remote.update
search:read	search.all search.files search.messages
stars:read	stars.list
stars:write	stars.add stars.remove
team.billing:read	team.billing.info
team.preferences:read	team.preferences.list
team:read	team.externalTeams.list team.info users.discoverableContacts.lookup
tokens.basic	migration.exchange
triggers:read	workflows.triggers.permissions.list
triggers:write	workflows.triggers.permissions.add workflows.triggers.permissions.remove workflows.triggers.permissions.set
usergroups:read	usergroups.list usergroups.users.list
usergroups:write	usergroups.create usergroups.disable usergroups.enable usergroups.update usergroups.users.update
users.profile:read	team.profile.get users.profile.get
users.profile:write	users.deletePhoto users.profile.set users.setPhoto
users:read	bots.info users.getPresence users.info users.list
users:read.email	users.lookupByEmail
users:write	users.setActive users.setPresence
workflow.steps:execute	workflows.stepCompleted workflows.stepFailed workflows.updateStep

Browse all scopes

OAuth Scopes to Events API methods

OAuth scopes also govern subscriptions to event types in the Events API. See this mapping for more information.

Slack app scopes

If you're building a Slack app, you will also encounter three other scopes.

• incoming-webhook - requesting this scope during the authentication process allows workspaces to easily install an incoming webhook that can post from your app to a single Slack channel.
• commands - similarly, requesting this scope allows workspaces to install slash commands bundled in your Slack app.
• bot - request this scope when your Slack app includes bot user functionality. Unlike incoming-webhook and commands, the bot scope grants your bot user access to a subset of Web API methods, the RTM API, and certain event types in the Events API.

Special scopes

Additionally, Slack supports the following special scopes:

• identify : Allows applications to confirm your identity.
• client: Allows applications to connect to slack as a client, and post messages on behalf of the user.
• admin: Allows applications to perform administrative actions, requires the authed user to be an admin.

Working with Scopes

When making the initial authorization request, your application can request multiple scopes as a space or comma separated list (e.g. teams:read users:read).

https://slack.com/oauth/authorize?
  client_id=...&
  scope=team%3Aread+users%3Aread

When using the Slack API you can check the HTTP headers to see what OAuth scopes you have, and what the API method accepts.

$ curl https://slack.com/api/files.list -H "Authorization: Bearer xoxb-abc-1234" -I
HTTP/1.1 200 OK
x-oauth-scopes: files:read, chat:write, chat:write.public
x-accepted-oAuth-scopes: files:read

x-oauth-scopes lists the scopes your token has authorized. x-accepted-oAuth-scopes lists the scopes that the action checks for.

Please note that certain scopes cannot be asked for in combination with each other. For instance, you cannot request both the bot scope and the client scope. When users arrive at an authorization page requesting invalid scope combinations, they'll see an ugly error stating something to this effect:

"OAuth error: invalid_scope: Cannot request service scope (bot) with deprecated scopes"

Deprecated Scopes

The following scopes are deprecated and their use is strongly discouraged:

• read
• post
• client

Alternatives to the read scope

This scope allows apps to read and inspect a wide range of data types.

Analyze which types of data your app needs and locate the accompanying scope in our scope catalog.

For instance, if you need to read public channel history, request channels:history. If you need to read data about public channels, request [channels:read].

You'll find a scope corresponding to almost all types of data you'll encounter on the Slack platform.

Alternatives to the post scope

This scope allows posting messages into Slack.

Create a Slack app and request the chat:write scope to use chat.postMessage to send messages to channels.

Alternatives to the client scope

This scope allows an app to retrieve all workspace events in real time.

We recommend using a combination of relevant scopes with the Events API to retrieve just the events your app needs.

If you must use the RTM API, you must use the classic bot scope and token model with rtm.connect instead.