admin.apps.approve method

The features within are only available to Slack workspaces on an Enterprise plan.

Don't have a paid plan? Join the Developer Program and provision a fully-featured sandbox for free.

Facts

DescriptionApprove an app for installation on a workspace.

Method Access

HTTP

POST https://slack.com/api/admin.apps.approve

JavaScript

app.client.admin.apps.approve

Python

app.client.admin_apps_approve

Java

app.client().adminAppsApprove

Scopes

User token:

admin.apps:write

Content types

application/x-www-form-urlencoded

application/json

Rate LimitsTier 2: 20+ per minute

Arguments

Required arguments

tokenstringRequired

Authentication token bearing required scopes. Tokens should be passed as an HTTP Authorization header or alternatively, as a POST parameter.

Example: xxxx-xxxxxxxxx-xxxx

Optional arguments

app_idstringOptional

The id of the app to approve.

Example: A12345

request_idstringOptional

The id of the request to approve.

Example: Ar12345

team_idOptional

The ID of the workspace to approve the app on

Example: T12345

enterprise_idOptional

The ID of the enterprise to approve the app on

Example: E12345

Usage info

This App Management API method approves an app install request, approves an app for a particular workspace, approves an app across an entire enterprise. When approved for an enterprise, an app can still be independently restricted on particular workspaces.

This method requires an admin.* scope. It's obtained through the normal OAuth process, but there are a few additional requirements. The scope must be requested by an Enterprise org admin or owner, and the OAuth install must take place on the entire Enterprise org, not an individual workspace. See the admin.apps:write method for more detailed instructions. When the admin.apps:write scope is used in an admin app to approve or restrict other app installs across an entire Enterprise organization, the UI-based process is disabled and the admin app solely manages apps.

Exactly one of the team_id or enterprise_id arguments is required, not both.

Either app_id or request_id is required. These IDs can be obtained either directly via the app_requested event, or by the admin.apps.requests.list method.

If an app was previously approved/resolved at an org level, it will need to be re-approved at the org level upon any scope changes.

Reinstalling the app to the workspace is required to add new scopes, but no approval at the workspace level is required.

---

Response

Errors

This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing. Callers should always check the value of the ok parameter in the response.

Error

Description

access_denied

Access to a resource specified in the request is denied.

accesslimited

Access to this method is limited on the current network

account_inactive

Authentication token is for a deleted user or workspace when using a bot token.

app_management_app_not_installed_on_org

The app management app must be installed on the org.

app_restricted_org_wide

The app is already restricted org wide.

custom_integration_not_allowed_at_enterprise

Returned when the install request is for custom integration app.

deprecated_endpoint

The endpoint has been deprecated.

ekm_access_denied

Administrators have suspended the ability to post a message.

enterprise_is_restricted

The method cannot be called from an Enterprise.

fatal_error

The server could not complete your operation(s) without encountering a catastrophic error. It's possible some aspect of the operation succeeded before the error was raised.

feature_not_enabled

Returned when the Admin APIs feature is not enabled for this team

internal_error

The server could not complete your operation(s) without encountering an error, likely due to a transient issue on our end. It's possible some aspect of the operation succeeded before the error was raised.

invalid_app_id

The app_id passed is invalid.

invalid_arg_name

The method was passed an argument whose name falls outside the bounds of accepted or expected values. This includes very long names and names with non-alphanumeric characters other than _. If you get this error, it is typically an indication that you have made a very malformed API call.

invalid_arguments

The method was called with invalid arguments.

invalid_array_arg

The method was passed an array as an argument. Please only input valid strings.

invalid_auth

Some aspect of authentication cannot be validated. Either the provided token is invalid or the request originates from an IP address disallowed from making the request.

invalid_charset

The method was called via a POST request, but the charset specified in the Content-Type header was invalid. Valid charset names are: utf-8 iso-8859-1.

invalid_form_data

The method was called via a POST request with Content-Type application/x-www-form-urlencoded or multipart/form-data, but the form data was either missing or syntactically invalid.

invalid_post_type

The method was called via a POST request, but the specified Content-Type was invalid. Valid types are: application/json application/x-www-form-urlencoded multipart/form-data text/plain.

invalid_request_id

The request_id passed is invalid.

invalid_scopes

Some of the provided scopes do not exist

method_deprecated

The method has been deprecated.

missing_post_type

The method was called via a POST request and included a data payload, but the request did not include a Content-Type header.

missing_scope

The token used is not granted the specific scope permissions required to complete this request.

no_permission

The workspace token used in this request does not have the permissions necessary to complete the request. Make sure your app is a member of the conversation it's attempting to post a message to.

not_allowed_token_type

The token type used in this request is not allowed.

not_an_admin

This method is only accessible by org owners and admins

not_authed

No authentication token provided.

org_login_required

The workspace is undergoing an enterprise migration and will not be available until migration is complete.

org_resolution_required

The team_id is in an Enterprise org while app_id is certified.

ratelimited

The request has been ratelimited. Refer to the Retry-After header for when to retry the request.

request_already_resolved

The app request has already been resolved

request_id_or_app_id_is_required

Must include a request_id or app_id

request_id_required_for_custom_integrations

A request_id is required for custom integrations

request_timeout

The method was called via a POST request, but the POST data was either missing or truncated.

service_unavailable

The service is temporarily unavailable

team_access_not_granted

The token used is not granted the specific workspace access required to complete this request.

team_added_to_org

The workspace associated with your request is currently undergoing migration to an Enterprise Organization. Web API and other platform operations will be intermittently unavailable until the transition is complete.

team_not_found

Returned when team id is not found.

token_expired

Authentication token has expired

token_revoked

Authentication token is for a deleted user or workspace or the app has been removed when using a user token.

too_many_ids_provided

Please provide only app_id OR request_id

too_many_teams_provided

Please provide only team_id OR enterprise_id

two_factor_setup_required

Two factor setup is required.