| The rundown | |||
|---|---|---|---|
| Read this if: | You're still experimenting, prototyping, and exploring. | ||
| Read next: | Basic app setup | ||
What do arcade games and Slack APIs have in common? Sure, they're both fun—but to use them, you'll need a token.
Like the pinball machines of days past and present, Slack API endpoints don't let just anyone play. In an arcade, your token proves you obtained permission to play. In your Slack app, your token proves that your app has obtained permission to call an API method.
Whenever you build an app, you'll start by obtaining an access token.
Select all the scopes you need, and none you don't, for your bot user.
Install your app on a single workspace.
Grab a token through the friendly App Management UI.
Request specific scopes for your bot user on each workspace, with each scope clearly explained to users.
Let users in any workspace install your app.
Read our guide to the new OAuth flow for Slack apps.Beyond these two paths to installation, you'll also find oodles of reference material in this library:
Use this quickstart guide if you're already familiar with creating Slack apps, and simply want to see what's different for new apps.
Want a walkthrough on migrating a classic Slack app to use new, subtler permissions? Check out our migration guide.
Verify that requests originating from Slack are trustworthy: check out our guide to verifying requests from Slack.
See a list of token types, with both current and legacy types explained.
See a list of the scopes you can obtain, along with which token they belong with. With arcade games, certain games can only be played with certain tokens, and it's the same with the Slack API: some tokens may only access certain scopes.
