Important Changes to Files in the Web API

Slack API
Slack API
Nov 18, 2015 · 2 min read

We are about to launch changes that will affect apps built on the Slack Web or RTM APIs. If that applies to you, continue reading! If not, feel free to continue on your merry way.

What’s Changing

The Slack Web and RTM APIs return file objects in several places including and files.list. Within the file object, there are several attributes including URLs for direct download and thumbnails of the file. For example:

“url”: “https:\/\/…”,
“url_download”: “https:\/\/…”,
“url_private”: “https:\/\/…”,
“url_private_download”: “https:\/\/…”,
“thumb_64”: “https:\/\/…”,
“thumb_80”: “https:\/\/…”,
“thumb_360”: “https:\/\/…”,
“thumb_360_gif”: “https:\/\/…”,


Thumbnails, url, and url_download can be downloaded directly. url_private and url_private_download currently require an authorization header with a token that has either the files:read or read scopes, like:

Authorization: Bearer A_VALID_TOKEN

To help better secure files, the following changes will go into effect on Monday, January 4, 2016:

  • url and url_download will no longer be returned in file objects
  • the URLs provided for thumbnails (those returned with thumb_* attributes) will require the same authorization header as url_private and url_private_download. Although the header won’t be required until 1/4/2016, you can begin sending it with requests now.

What Else?

For reference, we’ve updated the documentation for file objects here. Although the changes won’t be required until 1/4/2016, we highly recommend updating your app as soon as you can. We know this move to a more robust authentication model for files may require big changes to how your app displays file information, and we’re here if you have any questions. Just send us a note at, and we’ll help as best we can.

Slack Platform Blog

Several bots are typing…

Slack Platform Blog

Several bots are typing…

Slack API

Written by

Slack API

The Slack Developer Blog. Other Slack news, features and tips can be found at but this? This is all API, all the time

Slack Platform Blog

Several bots are typing…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Start a blog

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store