Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The Slack platform offers several APIs to build apps. Each Slack API delivers part of the capabilities from the platform, so that you can pick just those that fit for your needs. This SDK offers a corresponding package for each of Slack’s APIs. They are small and powerful when used independently, and work seamlessly when used together, too.
Comprehensive documentation on using the Slack Python can be found at https://tools.slack.dev/python-slack-sdk/
Whether you're building a custom app for your team, or integrating a third party service into your Slack workflows, Slack Developer Kit for Python allows you to leverage the flexibility of Python to get your project up and running as quickly as possible.
The Python Slack SDK allows interaction with:
slack_sdk.web
: for calling the Web API methodsslack_sdk.webhook
: for utilizing the Incoming Webhooks and response_url
s in payloadsslack_sdk.signature
: for verifying incoming requests from the Slack API serverslack_sdk.socket_mode
: for receiving and sending messages over Socket Mode connectionsslack_sdk.audit_logs
: for utilizing Audit Logs APIsslack_sdk.scim
: for utilizing SCIM APIsslack_sdk.oauth
: for implementing the Slack OAuth flowslack_sdk.models
: for constructing Block Kit UI components using easy-to-use buildersslack_sdk.rtm
: for utilizing the RTM APIIf you want to use our Events API and Interactivity features, please check the Bolt for Python library. Details on the Tokens and Authentication can be found in our Auth Guide.
Are you looking for slackclient? The website is live here just like before. However, the slackclient project is in maintenance mode now and this slack_sdk
is the successor. If you have time to make a migration to slack_sdk v3, please follow our migration guide to ensure your app continues working after updating.
This library requires Python 3.6 and above. If you require Python 2, please use our SlackClient - v1.x. If you're unsure how to check what version of Python you're on, you can check it using the following:
Note: You may need to use
python3
before your commands to ensure you use the correct Python path. e.g.python3 --version
python --version
-- or --
python3 --version
We recommend using PyPI to install the Slack Developer Kit for Python.
$ pip install slack_sdk
We've created this tutorial to build a basic Slack app in less than 10 minutes. It requires some general programming knowledge, and Python basics. It focuses on the interacting with the Slack Web API and RTM API. Use it to give you an idea of how to use this SDK.
Read the tutorial to get started!
Slack provide a Web API that gives you the ability to build applications that interact with Slack in a variety of ways. This Development Kit is a module based wrapper that makes interaction with that API easier. We have a basic example here with some of the more common uses but a full list of the available methods are available here. More detailed examples can be found in our guide.
One of the most common use-cases is sending a message to Slack. If you want to send a message as your app, or as a user, this method can do both. In our examples, we specify the channel name, however it is recommended to use the channel_id
where possible. Also, if your app's bot user is not in a channel yet, invite the bot user before running the code snippet (or add chat:write.public
to Bot Token Scopes for posting in any public channels).
import os
from slack_sdk import WebClient
from slack_sdk.errors import SlackApiError
client = WebClient(token=os.environ['SLACK_BOT_TOKEN'])
try:
response = client.chat_postMessage(channel='#random', text="Hello world!")
assert response["message"]["text"] == "Hello world!"
except SlackApiError as e:
# You will get a SlackApiError if "ok" is False
assert e.response["ok"] is False
assert e.response["error"] # str like 'invalid_auth', 'channel_not_found'
print(f"Got an error: {e.response['error']}")
# Also receive a corresponding status_code
assert isinstance(e.response.status_code, int)
print(f"Received a response status_code: {e.response.status_code}")
Here we also ensure that the response back from Slack is a successful one and that the message is the one we sent by using the assert
statement.
We've changed the process for uploading files to Slack to be much easier and straight forward. You can now just include a path to the file directly in the API call and upload it that way.
import os
from slack_sdk import WebClient
from slack_sdk.errors import SlackApiError
client = WebClient(token=os.environ['SLACK_BOT_TOKEN'])
try:
filepath="./tmp.txt"
response = client.files_upload_v2(channel='C0123456789', file=filepath)
assert response["file"] # the uploaded file
except SlackApiError as e:
# You will get a SlackApiError if "ok" is False
assert e.response["ok"] is False
assert e.response["error"] # str like 'invalid_auth', 'channel_not_found'
print(f"Got an error: {e.response['error']}")
More details on the files_upload_v2
method can be found here.
AsyncWebClient
in this SDK requires AIOHttp under the hood for asynchronous requests.
import asyncio
import os
from slack_sdk.web.async_client import AsyncWebClient
from slack_sdk.errors import SlackApiError
client = AsyncWebClient(token=os.environ['SLACK_BOT_TOKEN'])
async def post_message():
try:
response = await client.chat_postMessage(channel='#random', text="Hello world!")
assert response["message"]["text"] == "Hello world!"
except SlackApiError as e:
assert e.response["ok"] is False
assert e.response["error"] # str like 'invalid_auth', 'channel_not_found'
print(f"Got an error: {e.response['error']}")
asyncio.run(post_message())
If you are using a framework invoking the asyncio event loop like : sanic/jupyter notebook/etc.
import os
from slack_sdk.web.async_client import AsyncWebClient
from slack_sdk.errors import SlackApiError
client = AsyncWebClient(token=os.environ['SLACK_BOT_TOKEN'])
# Define this as an async function
async def send_to_slack(channel, text):
try:
# Don't forget to have await as the client returns asyncio.Future
response = await client.chat_postMessage(channel=channel, text=text)
assert response["message"]["text"] == text
except SlackApiError as e:
assert e.response["ok"] is False
assert e.response["error"] # str like 'invalid_auth', 'channel_not_found'
raise e
from aiohttp import web
async def handle_requests(request: web.Request) -> web.Response:
text = 'Hello World!'
if 'text' in request.query:
text = "\t".join(request.query.getall("text"))
try:
await send_to_slack(channel="#random", text=text)
return web.json_response(data={'message': 'Done!'})
except SlackApiError as e:
return web.json_response(data={'message': f"Failed due to {e.response['error']}"})
if __name__ == "__main__":
app = web.Application()
app.add_routes([web.get("/", handle_requests)])
# e.g., http://localhost:3000/?text=foo&text=bar
web.run_app(app, host="0.0.0.0", port=3000)
You can provide a custom SSL context or disable verification by passing the ssl
option, supported by both the RTM and the Web client.
For async requests, see the AIOHttp SSL documentation.
For sync requests, see the urllib SSL documentation.
A proxy is supported when making async requests, pass the proxy
option, supported by both the RTM and the Web client.
For async requests, see AIOHttp Proxy documentation.
For sync requests, setting either HTTPS_PROXY
env variable or the proxy
option works.
Using the async client and looking for a performance boost? Installing the optional dependencies (aiodns) may help speed up DNS resolving by the client. We've included it as an extra called "optional":
$ pip install slack_sdk[optional]
import os
from slack_sdk import WebClient
from ssl import SSLContext
sslcert = SSLContext()
# pip3 install proxy.py
# proxy --port 9000 --log-level d
proxyinfo = "http://localhost:9000"
client = WebClient(
token=os.environ['SLACK_BOT_TOKEN'],
ssl=sslcert,
proxy=proxyinfo
)
response = client.chat_postMessage(channel="#random", text="Hello World!")
print(response)
If you're migrating from slackclient v2.x of slack_sdk to v3.x, Please follow our migration guide to ensure your app continues working after updating.
Check out the Migration Guide here!
If you're migrating from v1.x of slackclient to v2.x, Please follow our migration guide to ensure your app continues working after updating.
Check out the Migration Guide here!
If you get stuck, we’re here to help. The following are the best ways to get assistance working through your issue:
Use our Github Issue Tracker for reporting bugs or requesting features. Visit the Slack Community for getting help using Slack Developer Kit for Python or just generally bond with your fellow Slack developers.
We welcome contributions from everyone! Please check out our Contributor's Guide for how to contribute in a helpful and collaborative way.
FAQs
The Slack API Platform SDK for Python
We found that slack-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.