The Slack OAuth API implements the OAuth 2.0 flow that lets developers securely install Slack apps to workspaces and obtain access tokens with specific, granular scopes. An app redirects a user to Slack for consent; after approval, Slack returns an authorization code that the app exchanges for tokens (typically a bot token, and optionally a user token) to call the Web API within the granted permissions.
openapi: 3.1.0
info:
version: "1.0"
title: Slack OAuth API
description: "The Slack OAuth API implements the OAuth 2.0 flow that lets developers securely install Slack apps to workspaces and obtain access tokens with specific, granular scopes. An app redirects
a user to Slack for consent; after approval, Slack returns an authorization code that the app exchanges for tokens (typically a bot token, and optionally a user token) to call the Web API within the
granted permissions. The OAuth system manages scopes, workspace and enterprise installations, admin approvals, reauthorization when scopes change, token rotation with refresh tokens, and revocation
when apps are uninstalled or access is removed. For user sign-in, Slack also offers an OpenID Connect\x13based flow. In short, it provides consent-driven installation, permissioning, and token lifecycle
management for Slack apps."
paths:
/oauth.access:
get:
tags:
- Access
- Get
- Oauth
description: Exchanges a temporary OAuth verifier code for an access token.
externalDocs:
description: API method documentation
url: https://api.slack.com/methods/oauth.access
operationId: getOauthAccess
parameters:
- name: client_id
in: query
description: Issued when you created your application.
schema:
type: string
- name: client_secret
in: query
description: Issued when you created your application.
schema:
type: string
- name: code
in: query
description: The `code` param returned via the OAuth callback.
schema:
type: string
- name: redirect_uri
in: query
description: This must match the originally submitted URI (if one was sent).
schema:
type: string
- name: single_channel
in: query
description: >-
Request the user to add your app only to a single channel. Only
valid with a [legacy workspace
app](https://api.slack.com/legacy-workspace-apps).
schema:
type: boolean
responses:
'200':
description: Successful user token negotiation for a single scope
content:
application/json:
schema:
title: Default success template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_true'
additionalProperties: true
description: >-
This method either only returns a brief _OK_ response or a
verbose schema is not available for this method.
example:
access_token:
- TOKEN
enterprise_id:
scope: groups:write
team_id: TXXXXXXXXX
team_name: Wyld Stallyns LLC
default:
description: Typical error response
content:
application/json:
schema:
title: Default error template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_false'
additionalProperties: true
description: >-
This method either only returns a brief _not OK_ response or a
verbose schema is not available for this method.
example:
error: invalid_client_id
ok: false
security:
- slackAuth:
- none
summary: Slack Get Oauth Access
x-api-evangelist-processing:
GenerateOperationSummariesFromPath: true
PascalCaseOperationSummaries: true
CaselCaseOperationIds: true
ChooseTags: true
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
/oauth.token:
get:
tags:
- Get
- Oauth
- Tokens
description: Exchanges a temporary OAuth verifier code for a workspace token.
externalDocs:
description: API method documentation
url: https://api.slack.com/methods/oauth.token
operationId: getOauthToken
parameters:
- name: client_id
in: query
description: Issued when you created your application.
schema:
type: string
- name: client_secret
in: query
description: Issued when you created your application.
schema:
type: string
- name: code
in: query
description: The `code` param returned via the OAuth callback.
schema:
type: string
- name: redirect_uri
in: query
description: This must match the originally submitted URI (if one was sent).
schema:
type: string
- name: single_channel
in: query
description: Request the user to add your app only to a single channel.
schema:
type: boolean
responses:
'200':
description: >-
Success example using a workspace app produces a very different kind
of response
content:
application/json:
schema:
title: Default success template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_true'
additionalProperties: true
description: >-
This method either only returns a brief _OK_ response or a
verbose schema is not available for this method.
example:
access_token:
- TOKEN
app_id: A012345678
app_user_id: U0AB12ABC
authorizing_user_id: U0HTT3Q0G
installer_user_id: U061F7AUR
ok: true
permissions:
- resource_id: 0
resource_type: channel
scopes:
- channels:read
- chat:write:user
single_channel_id: C061EG9T2
team_id: T061EG9Z9
team_name: Subarachnoid Workspace
token_type: app
default:
description: Typical error response
content:
application/json:
schema:
title: Default error template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_false'
additionalProperties: true
description: >-
This method either only returns a brief _not OK_ response or a
verbose schema is not available for this method.
example:
error: invalid_client_id
ok: false
security:
- slackAuth:
- none
summary: Slack Get Oauth Token
x-api-evangelist-processing:
GenerateOperationSummariesFromPath: true
PascalCaseOperationSummaries: true
CaselCaseOperationIds: true
ChooseTags: true
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
/oauth.v2.access:
get:
tags:
- Access
- Get
- Oauth
description: Exchanges a temporary OAuth verifier code for an access token.
externalDocs:
description: API method documentation
url: https://api.slack.com/methods/oauth.v2.access
operationId: getOauthAccess
parameters:
- name: client_id
in: query
description: Issued when you created your application.
schema:
type: string
- name: client_secret
in: query
description: Issued when you created your application.
schema:
type: string
- name: code
in: query
description: The `code` param returned via the OAuth callback.
required: true
schema:
type: string
- name: redirect_uri
in: query
description: This must match the originally submitted URI (if one was sent).
schema:
type: string
responses:
'200':
description: >-
Successful token request with scopes for both a bot user and a user
token
content:
application/json:
schema:
title: Default success template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_true'
additionalProperties: true
description: >-
This method either only returns a brief _OK_ response or a
verbose schema is not available for this method.
example:
access_token:
- TOKEN
app_id: A0KRD7HC3
authed_user:
access_token:
- TOKEN
id: U1234
scope: chat:write
token_type: user
bot_user_id: U0KRQLJ9H
enterprise:
id: E12345678
name: slack-sports
ok: true
scope: commands,incoming-webhook
team:
id: T9TK3CUKW
name: Slack Softball Team
token_type: bot
default:
description: Typical error response
content:
application/json:
schema:
title: Default error template
required:
- ok
type: object
properties:
ok:
$ref: '#/components/schemas/defs_ok_false'
additionalProperties: true
description: >-
This method either only returns a brief _not OK_ response or a
verbose schema is not available for this method.
example:
error: invalid_client_id
ok: false
security:
- slackAuth:
- none
summary: Slack Get Oauth Access
x-api-evangelist-processing:
GenerateOperationSummariesFromPath: true
PascalCaseOperationSummaries: true
CaselCaseOperationIds: true
ChooseTags: true
x-microcks-operation:
delay: 0
dispatcher: FALLBACK
components:
schemas: {}
tags:
- name: Access
- name: Get
- name: Oauth
- name: Tokens