You must enable javascript in order to use Slack. You can do this in your browser settings.
You're reading this because you're looking for info on legacy custom integrations - an outdated way for teams to integrate with Slack. These integrations lack newer features and they will be deprecated and possibly removed in the future. We do not recommend their use.
Instead, we suggest that you read about their replacement - Slack apps. Slack apps can be built just for your own workspace or distributed through the App Directory, and they can use the latest and greatest APIs and UI features.
Legacy tester tokens may no longer be created. Learn more.

Legacy tester tokens were an early way to create tokens capable of doing anything a Slack user could do on Slack.


Migrating from legacy tokens

If you were using a legacy token to make calls with the Web API, you'll need to generate a new one for your new Slack app.

Create or manage your Slack apps

For testing and development, you can quickly and easily create a new Slack app and install it in your workspace in just a few clicks. Your tokens are displayed after installation completes.

You may then use the app's settings to progressively add additional permission scopes needed for testing, though you'll need to reinstall the app with each additional permission.

If you want to install in more than one workspace or to better customize scopes, follow our guide to the OAuth flow. OAuth is required to install an app in multiple workspaces on an enterprise grid.

If you use the RTM API or legacy scopes, you may still need to create a "classic Slack app" and use OAuth to request, approve, and install an app for equivalent permissions. Create a classic Slack app here.


Legacy information

Though we recommend that all legacy custom integrations should migrate to Slack apps, we also understand that some will still need to maintain older integrations. This section contains any information about using legacy tokens that is specific to the legacy implementation.

Legacy token management

Tokens may no longer be created, but you can re-issue existing tokens here.

By creating a test API token, you agree to the Slack API Terms of Service.

Please log into your workspace and then reload this page to view your tokens.

Legacy tokens are just for you. Never share legacy tokens with other users or applications. Do not publish Legacy tokens in public code repositories. Review token safety tips.

Legacy tokens have the power of passwords, and should be treated with the same care. You should revoke them if they're not being used. Slack will automatically revoke any old tokens if unused for a long period of time.

Legacy token capabilities

Tokens generated with this tool were associated with the currently signed in user and team. Heed our warnings. Build a Slack app instead.

The tokens will automatically be granted the following scopes:

  • identify - identifies your personal user information like name and team
  • read - allows this token to request data about channels, messages, team members, and more
  • post - allows this token to post content to your channels and perform other write actions like edit your profile
  • client - allows this token to connect to the real time streaming API and perform most actions your user account is capable of throughout the Slack service
  • admin - only attached if the current user is an admin for that team. Allows retrieval and modification of team-wide administrative information.

These tokens provide access to your private data and that of your team. Keep these tokens to yourself and do not share them with others. Tester tokens are not intended to replace OAuth 2.0 tokens.

Revoking legacy tokens

Unused legacy tokens are periodically invalidated by Slack. Use your tokens regularly to avoid automatic revocation.

This old interface allows you to manually re-issue existing tester tokens. They're listed as the Slack API Tester app.

Programmatically revoke your tester tokens by using them with the auth.revoke method.

Tester tokens detected in public Github repositories will be automatically revoked for your protection.