Skip to main content

Authorizing the Slack CLI

Once you have the Slack CLI installed for either Windows or Mac/Linux, authorize the Slack CLI in your workspace with the following command:

slack login

Authorization ticket

In your terminal window, you should see an authorization ticket in the form of a slash command, and a prompt to enter a challenge code:

$ slack login

📋 Run the following slash command in any Slack channel or DM
This will open a modal with user permissions for you to approve
Once approved, a challenge code will be generated in Slack

/slackauthticket ABC123defABC123defABC123defABC123defXYZ

? Enter challenge code

Copy the slash command and paste it into any Slack conversation in the workspace you will be developing in.

When you send the message containing the slash command, a modal will pop up, prompting you to grant certain permissions to the Slack CLI. Click Confirm in the modal to continue to the next step.

A new modal with a challenge code will appear. Copy that challenge code, and paste it back into your terminal:

? Enter challenge code eXaMpLeCoDe

✅ You've successfully authenticated! 🎉
Authorization data was saved to ~/.slack/credentials.json

💡 Get started by creating a new app with slack create my-app
Explore the details of available commands with slack help

Verify that your Slack CLI is set up by running slack auth list in your terminal window:

$ slack auth list

myworkspace (Team ID: T123ABC456)
User ID: U123ABC456
Last updated: 2023-01-01 12:00:00 -07:00
Authorization Level: Workspace

You should see an entry for the workspace you just authorized. If you don't, get a new authorization ticket with slack login to try again.

You're now ready to begin building workflow apps!

Version update notifications

Once a day, the Slack CLI checks for updates after running any command. When an update is available, a notification will be displayed with a link where you can find and download the new version.

Update notifications can be disabled using a command-line flag or an environment variable. When running any command, you can append the --skip-update or -s flag. Alternatively, you can set the SLACK_SKIP_UPDATE environment variable and assign it any value.

CI/CD authorization

Setting up a CI/CD pipeline requires authorization using a service token. Service tokens are long-lived, non-rotatable user tokens — they won't expire, so they can be used to perform any Slack CLI action without the need to refresh tokens.

To get a service token, you'll use the slack auth token command to get a slackauthticket, which you'll copy and paste into your workspace to exchange for the service token. The service token will not be saved to your credentials.json file; instead, it is presented in the terminal for you to copy and paste for use in your CI/CD pipeline. Once copied, you'll use the slack login --auth <your-service-token> command to authorize your Slack CLI. Detailed instructions are below.

info

The service token will not conflict with your regular authentication token; you can continue using your regular authentication token within the Slack CLI while using the service token for your CI/CD pipeline.

Best practices for service tokens

Since a service token obtained via the Slack CLI is tied to the developer who requested it, it is recommended — especially for those who are part of large enterprises — to create a "Slack service account" within your workspace for the purpose of obtaining service tokens.

This "Slack service account" will be identical to other user accounts, but service tokens can now be associated with this account rather than an individual organization member. This can reduce the security risk of an individual developer's token being compromised, as well as lessening the dependence on a single individual for service token access and management.

Obtaining a service token

Run the following command to get a slackauthticket:

slack auth token

Then, copy and paste the /slackauthticket <your-auth-ticket> slash command into the message composer anywhere within your Slack workspace.

Copy the given challenge code, and paste it into the Slack CLI prompt.

Securely store the given service token, as this authorization information will not be saved to your local credentials.json file.

Using a service token

Run the following command to authorize your Slack CLI with the service token:

slack --token <your-service-token>

The Slack CLI will attempt to verify the token and use it to log in.

The --token global flag allows you to pass the service token with any Slack CLI command; for example:

slack deploy --token <your-service-token>

Revoking a service token

Run the following command to revoke a service token:

slack auth revoke --token <your-service-token>