Create a Slack app and authenticate with Postman
Published: September, 2017
Updated: January 14, 2020 (By Jason Wong)
Introduction
This step-by-step guide will walk you through setting up a Slack App and then introduce you to the Slack OAuth authentication flow using Postman. This is also a good way to get a token if you only want to get a token once or you are requesting Grid-level scopes like admin
or auditlogs:read
. If you have a Slack App and need a bot token using our v2 of OAuth 2.0 (that's a mouthful) then you can also use this guide but some things will be a tiny bit different, these will be denoted with the robot emoji 🤖.
Prerequisites
- A Slack Team with admin privileges
- Postman to authenticate and test
Steps
1. Create a Slack App
Create a Slack App by navigating directly to the Create App page. Fill out all the required fields.
2. Get Client ID and Secret for later
On the Basic Information page, scroll down and note the Client ID and Client Secret. For this tutorial, we will copy this information into Postman.
3. Add the Postman OAuth Callback URL to your Redirect URLs.
On the left navigation, click OAuth & Permissions. Here, add the following URL to your list of Redirect URLs: https://www.getpostman.com/oauth2/callback
.
If you are looking specifically to get a Grid-level scope, like admin
or auditlogs:read
, you will need to also make your app publicly distributed. More on this here.
4. Navigate to Postman's Authorization Menu
Now that we have a Slack App to authorize against, we will setup an OAuth 2.0 client. In Postman's Authorization menu, select OAuth 2.0 for the type.
⚠️ Note: You may need to remove Cookies if you already have a session saved in Postman. ⚠️
5. Click the Get New Access Token Button
Once OAuth 2.0 is selected as the type, click the Get New Access Token button to open the OAuth configuration modal.
6. Configure the OAuth settings
Here we will setup the OAuth client. We'll pull information from multiple sources to complete this form:
- Callback URL
https://www.getpostman.com/oauth2/callback
- Auth URL:
https://slack.com/oauth/authorize
- Access Token URL:
https://slack.com/api/oauth.access
- Client ID: Copy the Client ID value from step 2
- Client Secret: Copy the Client Secret value from step 2
- Scope: A space-separated list of OAuth scopes. A complete list of scopes are here.
- Client Authentication:
Send client credentials in the body
🤖 For bot tokens, the following parameters will use v2:
- Auth URL:
https://slack.com/oauth/v2/authorize
- Access Token URL:
https://slack.com/api/oauth.v2.access
7. Press the Request Token button
If you set everything up correctly and pressed Request Token, you should see a familiar Slack authorization window. Select the team you would like to authorize and validate your scopes match what's presented.
Success 🎉
Slack will return Postman a payload that is saved for future use. You can inspect the payload and find the details of that authorization.