1

I'm using slack web api in my application. One of the features that users can do is to create channels directly from the app. I want to show something for the users, who are not granted to create channels in Slack. But I don't understand how can I get this slack permissions from API.

Gatilin Maxim
  • 77
  • 1
  • 8

2 Answers2

0

Allow me clarify two concepts within Slack:

  1. In addition to required the correct Oauth scopes (e.g. channels:write for channels.create) the permission to create a channel is an admin setting of the workspace.

  2. The rights of your app are determined both by its scopes AND by the rights of the user that installed your app. But NOT the user that uses your app, e.g. via a slash command.

So you can request the correct scopes with your app but your installing user might not have the right to create channel. Unfortunately there is no API method that will tell you if the user has the right to create channels on a particular workspace.

But at least you can show the user an appropriate error message. channels.create will return the error restricted_action in case the user is missing the rights.

Erik Kalkoken
  • 30,467
  • 8
  • 79
  • 114
-1

You have to do what is called "Oauth." You essentially hit Slack's Oauth API and say, "I have this user." They verify the user is who they say they are using their Slack creds. If their creds work, Slack sends you a token. That token lasts for X amount of time. Usually, you store it and dump it when Slack says it is stale. Docs are below.

https://api.slack.com/docs/oauth

Oauth is used for using third party APIs, but it can also be used for smaller apps to identify their users without having to store personal identifiable information (PII) and passwords. Essentially you would put that work on Facebook or Google or Slack because it is safer and less work for you.

Max Baldwin
  • 3,404
  • 3
  • 26
  • 40