Post replies in a thread with incoming webhooks: the thread_ts parameter now puts your webhook reply in its proper place.
The data structure of messages received from our APIs will change with the launch of Block Kit early next year. In return you'll be able to add newer, clearer visual components to make your app's messages magnificent. Even if you aren't using it, your apps may be affected by the additions.
Apps may now restrict Web API requests to as many as 10 IP address ranges.
The developer preview for workspace apps has ended. We're taking the components of workspace apps and breaking them apart: applying them in phases to existing as well as new apps. Read more about the motivation behind ending the preview.
As public channels become private, they now retain their original channel ID. Legacy methods like groups.* and channels.* don't support these transitional channel types and Conversations API methods must be used instead.
Whatever flavor of workspace token you're using, you can now expect the same invalid_auth error code when the token is invalid. You'll receive this error whether the token is expired, revoked, or just plain wrong. Use our OAuth 2.0-based token refresh system to refresh expired tokens safely.
Workspace apps may now continuously rotate shorter-lived tokens without downtime. Our OAuth 2.0-based token refresh system is strongly recommended for all workspace apps. Expiring and rotating tokens is required for all distributed workspace apps.
Clear clever custom statuses like clockwork. Apps can add expiration dates when setting custom statuses for people.
We're postponing planned changes around scope requirements for app and bot access to email addresses. The new date is in autumn, on October 16th, 2018.
Dialogs now follow a separation of callback and state. Read more about the new state parameter and how it differs from callback_id.
"40k ought to be enough characters for any message." - Slack Platform Gatekeepers. Messages are now limited to 40,000 characters.
Your workspace app can use the new apps.uninstall method to uninstall itself from a single workspace, revoking all tokens associated with it. To revoke a workspace token without uninstalling the app, use auth.revoke.
It's official: workspace apps can reach out to and converse with anyone using the new conversations.app_home:create scope. No more fumbling with conversation IDs or different methods: just plug the user's ID into chat.postMessage and go.
If your workspace app posts ghostly messages with chat.postEphemeral, you may have noticed a no_permission error thrown instead of channel_not_found when your app isn't a member of the target conversation. Turns out we actually could find the channel after all.
We updated our Slack App Developer Policy and API Terms of Service to provide more detailed guidance, but we have not made material changes. The new policy is effective August 31, 2018. Together, we keep Slack a safe, private and secure platform for work.
Pagination rules the nation and the Slack API. These methods newly support cursors: files.info, groups.list, im.list, mpim.list, reactions.list, and stars.list. For apps created after August 7, 2018, results will be returned in perfect, piecemeal pages by default.
With Slack developer tools you can now quickly look up documentation, investigate the structure of messages, and more, all inside of Slack.
Commenting on files is now just like replying to a message.
HTTP requests originating from Slack now support Mutual TLS. Use Mutual TLS to attain the highest level of confidence that requests from Slack are, in fact, authentic. Read more.
Get ready to lend users a hand and start working on their behalf. Now workspace apps can ask for permission to read & write personalized settings like reminders, custom status, and profile data.
Our recently launched message actions are now available for use in all Enterprise Grid workspaces and any Shared Channels within them.
Confidently verify a request originates from Slack by validating our new request signatures. The signing process replaces the use of verification tokens, now deprecated.
We expect file threads to arrive after July 19, 2018. Do you manage a Slack app relying heavily on files or file comments? Join our pilot program and prepare your app for file threads ahead of the transition.
Learn when private channels are deleted with the new group_deleted event, now available for the Events and RTM APIs.
The Conversations API now supports workspace apps, using three simplified scopes: conversations:history, conversations:read, and conversations:write. We recommend upgrading your apps in developer preview to the Conversations API as soon as possible.
Beginning October 16, 2018 the users:read.email scope is required to retrieve the email field from user profiles while using user or workspace tokens. Consult our previous announcements on this topic from 2016 and 2017 for migration tips and some historical perspective.
Adding contextual actions lets users send specific messages to your app at will. Here are some amazing things our partners do with actions. This blueprint demonstrates the ineffable synergy of using actions and dialogs together.
Newly-issued bot user token strings are a little longer than before. Building for the ages? Plan for token strings containing up to 255 characters.
Apps participating in our developer preview using the Events API will need to subscribe to message.app_home events for a focused feed of messages between your app and the people who interface with them through the app home. These messages aren't delivered to message.im subscriptions now.
File threads, a replacement for file comments, is on the way!
Measure drop off and send helpful follow ups when users cancel dialogs with these opt-in cancellation notifications.
Have a bot user token you don't need or want to use anymore? Now you can use xoxb- tokens with auth.revoke.
Your workspace token-based apps in developer preview must now request the files:write scope to upload & manage files instead of files:write:user. Existing access grants are backfilled. Know your read & write rights.
Working with workspace token-based apps as part of our preview? Please start using oauth.access instead of oauth.token during installation.
Some bots are users too. Now you can find a bot user's user_id with bots.info.
Enhance your dialogs with dynamic form elements "borrowed" from message menus.
Rediscover the conversations you're party to with users.conversations.
We corrected and clarified the behavior of users.profile.set to only allow admins of paid teams to update email address profile fields.
We added a type field to the requests dispatched to your Options Load URL, used in message menus andβ well, it doesn't work anywhere else yet but we'll have a dialog about that one day...
This significant upgrade to the Slack SDK for Node.js modernizes one of the most widely-used Javascript libraries on our platform with strong typing, more intuitive method signatures, and comfortingly predictable release cycles. It also sheds its aging DataStore, which has not evolved in tandem with the realities of building apps for today's workspaces. Learn more about upgrading in our announcement.
We are continuing to decrease the maximum number of results returned by members arrays returned in channels.* and rtm.start, with the limit currently set to 500 results. conversations.members provides paginated access instead. Read this announcement for detail.
Web API methods will be enhanced with tiered rate limiting beginning March 7, 2018, with most methods gaining greater limits than ever before.
Now you can follow up after users submit your dialogs. Use the new response_url attached to any dialog_submission to send messages after submission.
Now users can respond to dialog textarea elements with up to 3,000 riveting, carefully-chosen characters.
Events API rate limiting has matured, now allowing apps up to 30,000 event deliveries per workspace per hour. Having trouble keeping up? Event deliveries will only be disabled when apps drop below a 5% successful response rate.
The users.setActive method was recently rendered irrelevant by our efforts to modernize our message servers. Use users.setPresence and/or connect via RTM to proclaim a user's presence instead. We'll remove this no-op method entirely on May 8, 2018.
Catch up on recent changes to presence in the RTM and Web APIs and changes to come, including the deprecation of users.list's presence parameter.
Having trouble connecting to the RTM API lately? WebSocket URIs may contain querystring parameters & some libraries don't like that. Find out more.
Workspace token apps in developer preview now must request the chat:write scope to post messages. Existing access grants are backfilled.
Active listening made easier: Subscribe to app_mention events to exclusively receive messages mentioning your app or bot.
Now shared channels can be made private and the implications are well worth considering, especially if assuming channel IDs beginning with C are public.