bolt-js icon indicating copy to clipboard operation
bolt-js copied to clipboard
verified publisher icon slackapi

Can't figure out which token

Open alper opened this issue 1 year ago • 3 comments

I don't know which of these tokens is required and which isn't:

CLIENT_ID
CLIENT_SECRET=
SIGNING_SECRET=
VERIFICATION_TOKEN=
APP_LEVEL_TOKEN=
BOT_USER_OAUTH_TOKEN=

Don't you think this is a bit ridiculous?

The documentation doesn't really help either.

alper avatar Feb 06 '25 22:02 alper

Hey @alper! 👋

The credentials needed for your app depend on the features you're using, and while there are quite a few, each has a specific purpose.

To call a Slack API method, a token of some sort is needed. This might be a bot token, which can be gathered with either:

  • BOT_TOKEN: A token provided to be used when making API calls, found on app settings.
  • CLIENT_ID and CLIENT_SECRET: Credentials needed to complete the OAuth process.

A user token can also be collected from either app settings or the OAuth process if user scopes are requested, but this is separate from a bot token.

When your app is receiving events from Slack, either an HTTP request URL or Socket Mode can be used, and the following credentials are related to this:

  • SIGNING_SECRET: A unique signature to verify incoming HTTP requests are from Slack.
    • VERIFICATION_TOKEN: A token used for a deprecated verification technique.
  • APP_TOKEN: A token with scopes that can generate a Socket Mode connection URL.

Only one of point from each section above is required, and when starting a new app it's often fastest to use the app and bot tokens collected from the app settings page.

I realize this can also be quite a bit needed to start an app, but please let me know if more details are needed!

zimeg avatar Feb 07 '25 01:02 zimeg

Thanks! This is super helpful and really should be documented somewhere.

alper avatar Feb 08 '25 09:02 alper

👋 It looks like this issue has been open for 30 days with no activity. We'll mark this as stale for now, and wait 10 days for an update or for further comment before closing this issue out. If you think this issue needs to be prioritized, please comment to get the thread going again! Maintainers also review issues marked as stale on a regular basis and comment or adjust status if the issue needs to be reprioritized.

github-actions[bot] avatar Mar 17 '25 00:03 github-actions[bot]