Slack

Slack integration allows your product to send notifications, create channels, and post messages directly into Slack workspaces. This is ideal for real-time incident alerts, vulnerability notifications, and DevSecOps collaboration, enabling teams to respond instantly to issues detected in your platform. The integration uses the Slack Web API (for posting messages, creating channels, etc.) and optionally the Slack Events API (for receiving updates from Slack).

Credentials Needed

To connect your product to Slack, you need to create a Slack App in your workspace and obtain OAuth credentials or Bot Tokens.

Required credentials:

  • Bot User OAuth Token (starts with xoxb-...)
  • Signing Secret (for webhook verification, optional if only sending messages)

Use the Bot Token (xoxb) for posting and managing messages. The Signing Secret is only required if your platform receives Slack events or interactions (buttons, slash commands, etc.).

Permissions Needed / API Scopes

When creating your Slack App, assign the following scopes based on what your integration does:

| Functionality | Scope | Description |
|---|---|---|
| Post messages to channels | chat:write | Required to send messages |
| Read channel info | channels:read | View channel names and metadata |
| Create channels | channels:manage | Create new Slack channels |
| Invite users | users:read | Fetch user list and IDs |
| Respond to interactive messages | commands | Needed if using slash commands |
| View messages | channels:history (optional) | Read messages if bi-directional sync needed |

Minimum Required Scopes for Alert Integration: chat:write, channels:read, users:read

Creating Users / Access Tokens

Step 1: Create a Slack App

  1. Go to Slack API → Your Apps: https://api.slack.com/apps
  2. Click Create New App → Choose From Scratch
  3. Give your app a name (e.g., SecurityAlertBot)
  4. Select your Slack workspace

Step 2: Add OAuth Scopes

  1. Under OAuth & Permissions → Scopes, add the required scopes:
    • chat:write
    • channels:read
    • users:read
  2. Click Install to Workspace
  3. Approve the permissions
  4. ✅ You'll receive:
    • Bot User OAuth Token (starts with xoxb-...)
    • (Optional) Signing Secret under Basic Information → App Credentials

Step 3: Enable Incoming Webhooks (Optional)

If you prefer webhook-based message posting:

  1. Under Features → Incoming Webhooks, toggle ON
  2. Click Add New Webhook to Workspace
  3. Choose the target channel (e.g., #security-alerts)
  4. Copy the Webhook URL (e.g., https://hooks.slack.com/services/T000/B000/XXXX)

Test Connectivity

Option 1 — Using Web API (Bot Token)

curl -X POST "https://slack.com/api/chat.postMessage" \
  -H "Authorization: Bearer xoxb-1234-56789-abcdef" \
  -H "Content-Type: application/json" \
  -d '{
    "channel": "#security-alerts",
    "text": "🚨 *New Critical Vulnerability Detected!* \nService: API Gateway \nSeverity: High"
  }'

Example Response:

{
  "ok": true,
  "channel": "C024BE91L",
  "ts": "1503435956.000247",
  "message": {
    "text": "🚨 *New Critical Vulnerability Detected!* \nService: API Gateway \nSeverity: High",
    "username": "SecurityAlertBot"
  }
}

Option 2 — Using Incoming Webhook

curl -X POST "https://hooks.slack.com/services/T000/B000/XXXX" \
  -H "Content-Type: application/json" \
  -d '{
    "text": "🔔 Security Scan Completed: 3 vulnerabilities detected.",
    "username": "SecurityBot",
    "icon_emoji": ":rotating_light:"
  }'

Example Response:

ok

Save the Results in the Platform and Create Connection

  1. In your platform's integration settings, securely store:
    • SLACK_BOT_TOKEN or SLACK_WEBHOOK_URL
    • SLACK_SIGNING_SECRET (optional)
  2. Label the connection as Slack Integration
  3. Test the connection by sending a sample message
  4. Once validated, configure automation workflows such as:
    • Sending alerts to specific Slack channels (e.g., #devsecops, #incidents)
    • Notifying on issue creation or status change
    • Posting vulnerability reports or incident summaries

Best Practices

  • Use Bot Tokens (xoxb) for secure and flexible integration
  • Store credentials (bot token, signing secret, and webhook URL) securely in a secret vault
  • Limit bot permissions to only required scopes
  • Use channel IDs instead of names to ensure consistent message delivery
  • Rotate tokens every 90 days
  • Handle Slack rate limits (typically 1 message/second per channel)
  • For bi-directional workflows, use the Events API to capture user actions (e.g., reactions, replies)
  • Use blocks and attachments for rich message formatting
  • Log message delivery responses for debugging
  • When sending frequent alerts, batch or summarize messages to avoid noise

Useful Slack API Endpoints

| Resource | Method | Endpoint | Description |
|---|---|---|---|
| Post message | POST | /api/chat.postMessage | Send message to channel |
| List channels | GET | /api/conversations.list | Get all public channels |
| Get users | GET | /api/users.list | Fetch all workspace users |
| Create channel | POST | /api/conversations.create | Create a new Slack channel |
| Join channel | POST | /api/conversations.join | Add bot to a channel |
| Delete message | POST | /api/chat.delete | Remove a message |
| Update message | POST | /api/chat.update | Edit existing message |
| Test authentication | GET | /api/auth.test | Verify token validity |

Official Docs: https://api.slack.com/web

Example: Rich Message with Blocks

curl -X POST "https://slack.com/api/chat.postMessage" \
  -H "Authorization: Bearer xoxb-1234-56789-abcdef" \
  -H "Content-Type: application/json" \
  -d '{
    "channel": "#security-alerts",
    "blocks": [
      {
        "type": "section",
        "text": { "type": "mrkdwn", "text": "*🚨 New High-Severity Alert Detected!*" }
      },
      {
        "type": "section",
        "fields": [
          { "type": "mrkdwn", "text": "*Service:* API Gateway" },
          { "type": "mrkdwn", "text": "*Severity:* Critical" }
        ]
      },
      {
        "type": "actions",
        "elements": [
          {
            "type": "button",
            "text": { "type": "plain_text", "text": "View in Platform" },
            "url": "https://yourplatform.com/incidents/12345"
          }
        ]
      }
    ]
  }'

Example Response:

{
  "ok": true,
  "ts": "1689433930.000500",
  "channel": "C02JQ3X999",
  "message": {
    "text": "New High-Severity Alert Detected!"
  }
}

Webhook / Event Integration (Optional)

If you want to receive messages or actions from Slack (e.g., "Acknowledge Incident" button clicks):

  1. Go to your Slack App → Event Subscriptions
  2. Toggle Enable Events = ON
  3. Set Request URL = your product's webhook listener (must respond with HTTP 200 OK)
  4. Subscribe to events such as:
    • message.im (direct messages to bot)
    • reaction_added (emoji reactions)
    • app_mention (when bot is mentioned)
  5. Save changes

Your platform will now receive JSON event payloads from Slack for custom interaction handling.
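
The Signing Secret listed under Credentials Needed is what lets the Request URL listener reject forged or replayed deliveries. The following is an added example (not part of the original page, and not Slack's own code) of that check using Slack's v0 request-signing scheme; the function names, the header dict, and the sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 5 * 60  # replay window: reject deliveries older than five minutes


def slack_signature(signing_secret: str, timestamp: str, body: bytes) -> str:
    """Slack v0 signature: HMAC-SHA256 over 'v0:<timestamp>:<raw request body>'."""
    base = b"v0:" + timestamp.encode() + b":" + body
    return "v0=" + hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()


def verify_slack_request(signing_secret, headers, body, now=None) -> bool:
    """True only if the delivery is fresh and signed with our Signing Secret.

    `headers` is assumed to be a dict keyed by Slack's header names; `body`
    must be the raw bytes as received, before any JSON parsing.
    """
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    received = headers.get("X-Slack-Signature", "")
    if not (timestamp.isascii() and timestamp.isdigit()) or not received:
        return False
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated timestamp: treat as a replay
    expected = slack_signature(signing_secret, timestamp, body)
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(expected.encode(), received.encode())


def handle_event(signing_secret, headers, body, now=None):
    """Return (http_status, response_body) for one Events API delivery."""
    if not verify_slack_request(signing_secret, headers, body, now):
        return 401, ""
    payload = json.loads(body)
    if payload.get("type") == "url_verification":
        return 200, payload["challenge"]  # echoed once, when the Request URL is saved
    return 200, ""  # acknowledge with 200 OK; process the event afterwards


if __name__ == "__main__":
    # Constructed sample values, not real credentials or a captured request.
    secret, ts = "constructed-signing-secret", "1700000000"
    body = b'{"type":"url_verification","challenge":"constructed-challenge"}'
    headers = {"X-Slack-Request-Timestamp": ts,
               "X-Slack-Signature": slack_signature(secret, ts, body)}
    print(handle_event(secret, headers, body, now=1700000010))
    print(handle_event(secret, headers, body + b" ", now=1700000010))
```

Verify against the raw request bytes: re-serializing parsed JSON can change whitespace or key order and make a valid signature fail.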