Managing API client access to Slack

The Certero connector for Slack uses the Slack APIs to connect and retrieve data from Slack.  The Slack API’s use industry standard OAuth 2.0 protocols for authentication and authorization.

For more information on what OAuth is and how this flow works between an endpoint server and Slack, please see the following link

Slack OAuth2 Overview

OAuth 2.0 is a protocol that lets your app request authorisation to private details in a user’s Slack account without the need for getting their password. It is also the vehicle by which Slack apps are installed on a team.

The app asks for specific permission scopes and is given a unique Client ID and Client Secret which will be used in the OAuth flow. The Client Secret should not be shared.

Optional:  Create a free Slack account (workspace)

1. Use this site to generate a random email address. Emails sent to the generated email address automatically open at the bottom of the page.  Required to view the slack verification code.

2. Set up a workspace in Slack here using the generated email as the login.

3. Add some team members.

4. Click on Finish Setup.

5. Set a username and password.

Enabling the APIs within Slack

Applications are registered with Slack and used to obtain credentials for use with the OAuth 2.0 implementation. Bearer tokens are issued on behalf of users and workspaces.  The Slack Web API makes requests by providing a bearer token when querying information in a Slack workspace.

To create an application and receive a bearer token complete the following steps:

1. Navigate to the Apps module in your Slack instance using this link .
Sign in using an administrator account , not a standard user account.

2. Click the Create New App button:

3. Enter a Name for the app and select a Workspace from the drop down provided. Click Create App:

4. Under Basic Information, scroll down to App Credentials. This section contains the credentials required to query the Slack API from the Certero connector:

Note: App credentials are secret and should not be shared or stored in an insecure way.

5. Under the Basic Information section, in the Add features and functionality option, select Permissions:

You will be taken to the OAuth & Permissions page:

6. Under Redirect URLs enter the following URL and click the Save URLs button.
https://cc.certero.com/cmp/AuthorizeSlackConnector

7. Scroll down to User Token Scopes and select the following permissions from the drop-down list.

8. Under the OAuth Tokens & Redirect URLs section click the Install App to Workspace button:

9. If asked to allow permissions to access the new app click on Allow:

10. You will be given an OAuth Access token that is to be used for the workspace:

Note: Tokens will continue functioning until they are either revoked or the application is uninstalled.

Create a new Slack Connector

Enable the feature for the Endpoint Server.

1. In Certero > Administration > Endpoint Servers , right click on the endpoint server the Slack connector will be ran against and choose properties .

2. Click on the Features option.

3. Enable the Slack Connector row.

4. Click on Save :

Create a connector for Slack.

1. In Certero > Connectors > Slack Connectors , click the ‘ New ’ button.

2. Add a name and description.

3. Copy the Client Id from the Basic Information > App Credentials page and paste into the Client ID

4. Copy the Client Secret from the Basic Information > App Credentials page and paste into the Client Secret

5. Either copy and paste the Token in from the OAuth & Permissions section; Or click the Authorize button:

6. Click Allow.

A token is displayed:

7. Copy the Token value from the confirmation page to the Token in the connector dialog
Note: The token generated was the same as the token displayed in the OAuth & Permissions > OAuth Tokens & Redirect URLs page in Slack.

8. Click on Save.