A Guide to Quickly Understand the Slack API

A quick look at the fantastic API for building on top of one of the most popular remote tools in the world

Alec Jones
May 16 · 6 min read

It is no secret that remote work tools are exploding in popularity as more and more people are required from home, and Slack is no exception. Slack’s stock is at its highest in about the last 10 months.

So, as its usage is growing as working from home becomes the new normal, why not use your developer skills to create a fun game, useful add-on, or whatever your heart desires inside this work-place behemoth?

I’ve put together what I think to be the most essential information, so you can start building your own slack app.

The Basics of Creating a Slack App

To create your very , you’ll only need two things:

  1. A name
  2. A workspace to begin testing it out (I recommend you find a workspace with just yourself in it, or where others won’t mind, because trust me, weird things can happen when testing your slack app; it can disturb annoy other people in the workspace)
creating a slack app

After creating your slack app, you’ll be greeted with lots of new information. Most importantly, you’ll have your slack app’s ID and app’s secret which is essential when accessing Slack’s API.

But, to begin building, you’re going to want to look under “Add features and functionality.” Here you’ll find the 6 building blocks of a slack app. You likely won’t need to use all of them, but let me go over the ones I think are essential.

Slash Commands & Bots

If you want to get up and running quickly, slash commands are far easier for development. They’re very easy to add to your slack app, but they’re very open-ended.

  • Command: should be one word, and easy to remember
  • Request URL: Slack will send all the text after the /command to this web address, and you can do what you would like with the information

The trickiest part of Slash commands is you don’t know exactly what they’re going to type after the /command. It’s important to try to help the user as much as possible through the short description and usage hint.

Bots are the other main type of Slack app that you can create. Bots are harder to make because they’re used more in conversation rather than through a command; here is far less rigidity with bots than slash commands.

Incoming Webhooks & Outgoing Webhooks

Outgoing webhooks are straightforward; Slack’s servers send data out to you. All you’ll need is a specific URL where Slack can send all this data. Make a POST endpoint, and wait to receive incoming requests from Slack!

Incoming webhooks are a little more tricky, but still very commonly used for a slack app. For creating and setting up your first incoming webhook, I’ll direct you to .

An incoming webhook is what is going to allow you to post (pun intended) some message or data to Slack. When a user authorizes your Slack application, you’ll be granted a unique URL for where you can send your messages.

Here’s the key: this incoming webhook only allows you to post only that user’s channel as your slack app.

Slack authorization ()

Once you’ve been given your beautiful new incoming webhook, which should look like:

https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX

Your slack app will be ready to do its job! From this point on, it’s really easy and straightforward, which is nice about Incoming Webhooks. Just format a message, and you’ll be able to send messages with very little work.

Scopes & Permissions

The scopes that you set for your slack integration dictate what information you’ll be able to retrieve from a workspace.

A very common scope is commands which adds shortcuts or slash commands that people can use, or post which allows your integration to post a message to a workspace.

As I’m writing this article, Slack currently has 85 different scopes that you can add to your integration.

It is critical that you have the right scopes to make sure your app works properly as you intend, but you also want to optimize for the minimal number of scopes. If your slack app doesn’t need access to my private messages, then don’t request access to them. People like their privacy, so make sure you’re not getting unnecessarily involved in their slack workspace.

API Methods

Slack has a complete list of all the methods that you’ll be able to use, . Each method has its own documentation page, that will provide everything you’ll need to start using it.

It can be a little daunting to see it all, so let’s break it down!

chat.postMessage summary

This Slack’s extremely popular chat.postMessage function, which allows your slack app to post messages. The difference between this and incoming webhooks, is that you can post as the user or as your slack app, to any channel or any private message you like. There are other permissions you would need to receive, but it’s possible!

Back to the image, first they give the URL, URL method, and content-type, and the rate limit.

You shouldn’t have to worry about rate limit, unless you’re maliciously making a spam bot, in which case, stop reading — I don’t want to help you!

After that, you’ve got tokens and scopes that you’ll need. Make sure your slack app includes the scopes for each API method you are going to be using.

Continuing down, you’ll find the arguments, some are required, but many are optional.

Slack keeps the required arguments to the bare minimum. Token is the most important thing you’ll need, and the hardest to get, but that’s why I’ll go over the OAuth flow below!

Sometimes, you’ll need to access other API functions to get the information needed. For the channel argument, you could access the channels.list endpoint to retrieve the user’s channels.

And obviously, if you’re sending a message, you’ll need some text.

It’s helpful to look at all the arguments at your disposal. Some of them can really be a time savers, or just help your slack app to look more sophisticated.

The method documentation page, especially for popular methods, are super detailed, so always make sure to give them a thorough read.

OAuth 2

OAuth 2 is a secure flow for authenticating an API for the developer. The Slack API is in an exclusive relationship with OAuth 2, so it’s important that you get to know it well.

If you’re the know-it-all developer, you…already know this. But if you’re like me and don’t know authorization flows off the top of your head, here’s a refresher.

The Scenario: I’m building a groovy website that shows you a list of Slack channels you’re in.

The Flow for Slack

Step 1: I get you to log in with Slack using one of those little pop-up windows!

Step 2: Now by logging in, you’ve given me, the developer, an “Authorization Grant.” An “Authorization Grant” is what I need to go get an Access Token.

Step 3: I go with my fresh “Authorization Grant” and ask Slack for an Access Token (these are kind of like API tokens, but they expire).

Step 4: With my fresh Access Token, I can now go and ask for information from Slack based on the scopes that my slack app has.

There you have it, all my knowledge I can impart about Slack’s API. I hope it proves useful for you, and that you’ll go on to create some amazing Slack apps!

Thank you for reading 😊

The Startup

Medium's largest active publication, followed by +644K people. Follow to join our community.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store