tooling.tokens.rotate method
We're still building and not all features are available quite yet. Enjoy this peek into the future!
Not ready for the future? Return to the past at api.slack.com.
Usage info
This API is in beta, and is subject to change without the usual notice period for changes.
App configuration access and refresh tokens are unique to you. Do not share them with anyone.
Rotating configuration tokens
Each app configuration token will expire 12 hours after it has been generated. In order to continually rotate your config tokens, you are also provided with a refresh token.
It's strongly suggested that you refresh your token before it expires, rather than waiting for it to expire and checking for an error from the Slack API.
In order to refresh config tokens, make a call to tooling.tokens.rotate, using the refresh token in the refresh_token argument. In response you'll receive something like this:
{
"ok": true,
"token": "xoxe.xoxp-...",
"refresh_token": "xoxe-...",
"team_id": "...",
"user_id": "...",
"iat": 1633095660,
"exp": 1633138860
}
The token field contains your new config access token, which you can then store and use for Manifest API calls. The refresh_token field contains a new refresh token.
The remainder of the response above contains fields which identify the source workspace and user of each token, as well as timestamps which indicate when the token was issued and when it will expire.
To learn how to use app configuration tokens, read our guide to the App Manifest APIs.