Authentication overview
We're still building and not all features are available quite yet. Enjoy this peek into the future!
Not ready for the future? Return to the past at api.slack.com.
Authentication is a critical part of the development process, but it doesn’t have to be daunting. With the right tools and best practices, you’ll have a secure, smooth authentication flow. Whether you’re handling OAuth 2.0, verifying requests, or setting up Sign in with Slack, we’ve got you covered.
Authentication basics
Before your app can access Slack data or interact with Slack workspaces, it must go through an authentication process. This involves obtaining the necessary tokens and permissions for your app to function properly. Slack apps use OAuth scopes to govern what they can access. These are added in the app settings when building an app. You will attach these scopes to your tokens. Check out tokens to learn more. You can rotate those tokens too! Find out how on the Using token rotation page.
Key concepts
- OAuth 2.0: Learn how to use OAuth 2.0 to securely authenticate users and request access tokens.
- Tokens: Understand the different types of tokens your app can use (user tokens, bot tokens, and app tokens) and how to manage them, as well as employ token rotation and expiry to keep things fresh.
- Security best practices: Learn about security practices for managing authentication, such as validating tokens, handling sensitive data, and protecting your app from unauthorized access.
Reference
- Scopes and Permissions: Find the right permissions for your app to ensure access is limited to only the necessary data.