These tokens give you the ability to handle things that relate to your app as a whole, like listing all the authorizations an event is visible to. We sometimes refer to them as "zap!" tokens.
App-level token strings begin with xapp. Write actions with user tokens are performed as if by the user themselvesĪpp-level tokens represent your app across organizations, including installations by all individual users on all workspaces in a given organization. User tokens represent the same access a user has to a workspace - the channels, conversations, users, reactions, etc. User tokens gain the "old world" resource-based OAuth scopes requested in the installation process (example: asking for channels:history grants a user token access to conversations.history for any public channel). 
You can use these tokens to take actions on behalf of users. When your app asks for OAuth scopes, they are applied to user tokens. They are issued for the user who installed the app and for users who authenticate the app.
New bot users can request individual scopes, similar to user tokens. Since acting independently allows your app to stay installed even when an installing user is deactivated, using bot tokens is usually for the best.Ĭheck out the guide to creating Slack apps with bot tokens for more info. Unlike user tokens, they're not tied to a user's identity they're just tied to your app. Bot tokens represent a bot associated with the app installed in a workspace.
0 kommentar(er)
