Facts
- HTTP
- JavaScript
- Python
- Java
POST https://slack.com/api/tooling.tokens.rotate
app.client.tooling.tokens.rotate
app.client.tooling_tokens_rotate
app.client().toolingTokensRotate
application/x-www-form-urlencoded application/json Arguments
Required arguments
refresh_tokenstringRequiredThe xoxe refresh token that was issued along with the old app configuration token.
xoxe-1-abcdefgUsage info
This API is in beta, and is subject to change without the usual notice period for changes.
App configuration access and refresh tokens are unique to you. Do not share them with anyone.
Rotating configuration tokens
Each app configuration token will expire 12 hours after it has been generated. In order to continually rotate your config tokens, you are also provided with a refresh token.
It's strongly suggested that you refresh your token before it expires, rather than waiting for it to expire and checking for an error from the Slack API.
In order to refresh config tokens, make a call to tooling.tokens.rotate, using the refresh token in the refresh_token argument. In response you'll receive something like this:
{
"ok": true,
"token": "xoxe.xoxp-...",
"refresh_token": "xoxe-...",
"team_id": "...",
"user_id": "...",
"iat": 1633095660,
"exp": 1633138860
}
The token field contains your new config access token, which you can then store and use for Manifest API calls. The refresh_token field contains a new refresh token.
The remainder of the response above contains fields which identify the source workspace and user of each token, as well as timestamps which indicate when the token was issued and when it will expire.
To learn how to use app configuration tokens, read our guide to the App Manifest APIs.
Response
Typical success response
{
"ok": true,
"token": "xoxe.xoxp-...",
"refresh_token": "xoxe-...",
"team_id": "...",
"user_id": "...",
"iat": 1633095660,
"exp": 1633138860
}
Typical error response if incorrect refresh token used
{
"ok": false,
"error": "invalid_refresh_token"
}
Errors
This table lists the expected errors that this method could return. However, other errors can be returned in the case where the service is down or other unexpected factors affect processing. Callers should always check the value of the ok parameter in the response.
access_deniedAccess to a resource specified in the request is denied.
accesslimitedAccess to this method is limited on the current network
account_inactiveAuthentication token is for a deleted user or workspace when using a bot token.
deprecated_endpointThe endpoint has been deprecated.
ekm_access_deniedAdministrators have suspended the ability to post a message.
enterprise_is_restrictedThe method cannot be called from an Enterprise.
fatal_errorThe server could not complete your operation(s) without encountering a catastrophic error. It's possible some aspect of the operation succeeded before the error was raised.
internal_errorInternal error
internal_errorThe server could not complete your operation(s) without encountering an error, likely due to a transient issue on our end. It's possible some aspect of the operation succeeded before the error was raised.
invalid_arg_nameThe method was passed an argument whose name falls outside the bounds of accepted or expected values. This includes very long names and names with non-alphanumeric characters other than _. If you get this error, it is typically an indication that you have made a very malformed API call.
invalid_argumentsThe method was called with invalid arguments.
invalid_array_argThe method was passed an array as an argument. Please only input valid strings.
invalid_authSome aspect of authentication cannot be validated. Either the provided token is invalid or the request originates from an IP address disallowed from making the request.
invalid_charsetThe method was called via a POST request, but the charset specified in the Content-Type header was invalid. Valid charset names are: utf-8 iso-8859-1.
invalid_form_dataThe method was called via a POST request with Content-Type application/x-www-form-urlencoded or multipart/form-data, but the form data was either missing or syntactically invalid.
invalid_post_typeThe method was called via a POST request, but the specified Content-Type was invalid. Valid types are: application/json application/x-www-form-urlencoded multipart/form-data text/plain.
invalid_refresh_tokenThe given refresh token is invalid.
method_deprecatedThe method has been deprecated.
missing_post_typeThe method was called via a POST request and included a data payload, but the request did not include a Content-Type header.
missing_scopeThe token used is not granted the specific scope permissions required to complete this request.
no_permissionThe workspace token used in this request does not have the permissions necessary to complete the request. Make sure your app is a member of the conversation it's attempting to post a message to.
not_allowed_token_typeThe token type used in this request is not allowed.
not_authedNo authentication token provided.
org_login_requiredThe workspace is undergoing an enterprise migration and will not be available until migration is complete.
ratelimitedThe request has been ratelimited. Refer to the Retry-After header for when to retry the request.
request_timeoutThe method was called via a POST request, but the POST data was either missing or truncated.
service_unavailableThe service is temporarily unavailable
team_access_not_grantedThe token used is not granted the specific workspace access required to complete this request.
team_added_to_orgThe workspace associated with your request is currently undergoing migration to an Enterprise Organization. Web API and other platform operations will be intermittently unavailable until the transition is complete.
token_expiredAuthentication token has expired
token_revokedAuthentication token is for a deleted user or workspace or the app has been removed when using a user token.
two_factor_setup_requiredTwo factor setup is required.
unknown_errorTemporary error for dev only restriction