Create a Slack App to enable OAuth for your Integration

What this tutorial will cover:

Building a native integration with Slack? Get started with building a Slack app with OAuth in this tutorial. We’ll cover:

1. Signing up for a Slack developer account and creating a Slack app

2. Configuring scopes and OAuth options

3. The endpoints you need to know to request access codes and tokens

4. Testing authentication

5. Production considerations

But first, a quick plug: Paragon is an embedded integration platform used by engineering teams to build native integrations faster and more reliably in production. If you’re interested in learning more, there’s more information about Paragon at the end of the tutorial.

1) Signing up for a Slack developer account and creating your Slack app

Signup for an account with this link: https://api.slack.com/developer-program/join

Once your account has been created and you’ve logged in, there should be a link for “Your Apps” in the top right corner of the navbar. Click the green button to “Create New App.”

You now have a Slack app you can use for development!

2) Configuring scopes and OAuth options

For native integrations, you’ll want your application to trigger the OAuth flow, redirect the user to Slack to input their credentials, and get redirected back to your application. To do this, go to the “OAuth and Permissions” tab on the left sidebar of your created app page.

Add a redirect URL - this is where Slack will send the user with the access code in the URL after authentication is complete.

Add any scopes that your application will need, such as chat:write to send messages or channels:history to read chats inside a channel. Use Slack’s documentation to find all needed scopes: https://api.slack.com/scopes

This page is also where you can opt in to “Token Rotation” if you want token expirations enabled, a recommended practice for production-level applications. It’s OK if you want to leave token rotation off for your development environment Slack app to simplify the API authentication process.

3) Endpoints for access codes and tokens

After you have all your OAuth configurations set, navigate back to the “Basic Information” tab in your app on the Slack API site. Here is where you can find your client ID and client secret. You’ll need these to request access codes and tokens.

For triggering your OAuth flow, redirect to this URL: https://slack.com/oauth/v2/authorize with scope and client ID in the URL parameters.

<a href="<https://slack.com/oauth/v2/authorize?scope=incoming-webhook&client_id=33336676.569200954261>">Add to Slack</a>

Slack should send the user back to your redirect URL when authentication is complete with an access code in the URL.

Retrieve the access code, and use this POST endpoint: https://slack.com/api/oauth.v2.access. Include in the request body your client ID, client secret, access code, and grant type in x-www-form-urlencoded format. The full Slack documentation for the oauth.v2.access endpoint can be found here: https://api.slack.com/methods/oauth.v2.access

4) Testing authentication

After a successful POST request, you should get back an access token! Use this in your subsequent requests in your request headers as a bearer token. It should look something like this:

const headers = new Headers();
headers.append("Content-Type", "application/json");
headers.append("Authorization", "Bearer " + access_token

const res = await fetch(SLACK_ENDPOINT, {
    method: "POST",
    body: JSON.stringify({message: "your message"}),
    headers: headers
});

5) Production Considerations

Congratulations! You should be on your way to building a Slack integration in your application. Other practices you may want to add are:

• refresh token mechanisms

• API rate limits

• pagination when handling large response sizes

• encryption of credentials across multiple tenants

Paragon takes care of these challenges out-of-the-box and simplifies the OAuth process if you’d like to skip all of the above steps to get directly to working with the Slack API.

Just input your Slack app’s client ID, secret, and scopes in Paragon’s Slack settings page, use our provided redirect URL, and you’re good to go!

To initiate the OAuth flow in your application, embed our pre-built Connect Portal UI directly in your frontend with just a few lines of code for a completely white-labeled experience.

If you’re interested in learning more about Paragon and how it fits with your product, check out this article on how Paragon fits into your tech stack, our docs, or sign up for a free trial.